CVE-2017-7995

Priority
Description
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only
after accessing them, allowing host PCI device space memory reads, leading
to information disclosure. This is an error in the get_user function. NOTE:
the upstream Xen Project considers versions before 4.5.x to be EOL.
Notes
mdeslaurOlder than 4.3 only
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2020-03-18 22:50:31 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)