CVE-2017-10911
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
La función make_response en el archivo drivers/block/xen-blkback/blkback.c en el kernel de Linux anterior a versión 4.11.8, permite a los usuarios del sistema operativo invitado obtener información confidencial de la memoria del kernel del sistema operativo host (u otro sistema operativo invitado) mediante el aprovechamiento de la copia de campos de relleno no inicializados en estructuras de respuesta de la interfaz del bloque Xen, también se conoce como XSA-216.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-07-04 CVE Reserved
- 2017-07-05 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 | Mailing List | |
http://www.securityfocus.com/bid/99162 | Third Party Advisory | |
http://www.securitytracker.com/id/1038720 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3920 | 2018-09-07 | |
http://www.debian.org/security/2017/dsa-3927 | 2018-09-07 | |
http://www.debian.org/security/2017/dsa-3945 | 2018-09-07 | |
https://security.gentoo.org/glsa/201708-03 | 2018-09-07 | |
https://xenbits.xen.org/xsa/advisory-216.html | 2018-09-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.11.7 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.11.7" | - |
Affected
|