CVE-2017-7995
Severity: LOW 3.8 (CVSS 3.1)
EPSS: 0.10%
Description
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
How to fix CVE-2017-7995
To remediate CVE-2017-7995, upgrade the affected package to a fixed version below.
- Debian/xen: upgrade to 4.3.0-1 or later
Is CVE-2017-7995 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/xen: from 0, < 4.3.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |