CVE-2017-7995 xen

Metadata

low
1.7
xen
CVE-2017-7995
2017-06-18 07:52
CVE-2017-7995
2017-06-16 19:22
2017-06-01 10:03
2017-05-30 15:03
2017-05-17 05:03
2017-05-05 05:03
2017-05-04 10:03
2017-05-04 09:03
2017-05-04 07:03

Description

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster xen 4.3.0-1
jessie xen 4.3.0-1
sid xen 4.3.0-1
stretch xen 4.3.0-1
wheezy xen 4.1.6.lts1-8