Information disclosure in Novell Suse_linux_enterprise_point_of_sale

CVE-2017-7995

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream…

Vulnerability class: Information Disclosure

EPSS: 0.001 (27.2th percentile).

CVSS v3 metric

CVSS v3 base score 3.8 (Low). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N.

Frequently asked questions

What is CVE-2017-7995?
CVE-2017-7995 is a low-severity vulnerability in Novell Suse_linux_enterprise_point_of_sale, classified under Information Disclosure. CVSS score: 3.8/10. Published 2017-05-03.

How severe is CVE-2017-7995?
Low severity. CVSS v3 base score is 3.8 out of 10.