Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Xen
Manager
Manager Proxy
Openstack Cloud
+2
NVD
CVSS 3.0
3.8
EPSS
0.1%