cvedb.io
CVE-2017-7995
LOW · CVSS 3.8
EPSS exploitation probability: 0%
Published 2017-05-03T19:59:00.143 · Last modified 2026-06-17T01:25:36.870

Summary

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Affected products

xen — xen

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.