Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2017-7995

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Published: May 3, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-7995
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.7
AV:L/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
xen / xen	-	4.2.5.x
novell / suse_linux_enterprise_point_of_sale	11.0-sp3	11.0-sp3.x
suse / openstack_cloud	5	5.x
suse / manager_proxy	2.1	2.1.x
suse / manager	2.1	2.1.x
novell / suse_linux_enterprise_server	11.0-sp3	11.0-sp3.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo