Lucene search

K

Ubuntu.comUB:CVE-2017-7995

HistoryMay 03, 2017 - 12:00 a.m.

CVE-2017-7995

2017-05-0300:00:00

ubuntu.com

ubuntu.com

5

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.1%

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only
after accessing them, allowing host PCI device space memory reads, leading
to information disclosure. This is an error in the get_user function. NOTE:
the upstream Xen Project considers versions before 4.5.x to be EOL.

Notes

Author	Note
mdeslaur	Older than 4.3 only

References

lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html

bugzilla.suse.com/show_bug.cgi?id=1033948

launchpad.net/bugs/cve/CVE-2017-7995

nvd.nist.gov/vuln/detail/CVE-2017-7995

security-tracker.debian.org/tracker/CVE-2017-7995

www.cve.org/CVERecord?id=CVE-2017-7995

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.1%

Related for UB:CVE-2017-7995

redhatcve1 cve1 prion1 osv2 debiancve1 nessus2 suse1 openvas2 debian1