CVE-2017-10911

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341	Mailing List Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3920
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99162	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038720	Third Party Advisory VDB Entry
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201708-03
https://xenbits.xen.org/xsa/advisory-216.html	Mitigation Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341	Mailing List Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3920
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99162	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038720	Third Party Advisory VDB Entry
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201708-03
https://xenbits.xen.org/xsa/advisory-216.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:06

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341 - Mailing List, Patch, Third Party Advisory~~	() http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.debian.org/security/2017/dsa-3920 -~~	() http://www.debian.org/security/2017/dsa-3920 -
References	~~() http://www.debian.org/security/2017/dsa-3927 -~~	() http://www.debian.org/security/2017/dsa-3927 -
References	~~() http://www.debian.org/security/2017/dsa-3945 -~~	() http://www.debian.org/security/2017/dsa-3945 -
References	~~() http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 - Mailing List, Third Party Advisory~~	() http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 - Mailing List, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/99162 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/99162 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1038720 - VDB Entry, Third Party Advisory~~	() http://www.securitytracker.com/id/1038720 - Third Party Advisory, VDB Entry
References	~~() https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341 - Patch, Third Party Advisory~~	() https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341 - Patch, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html -
References	~~() https://security.gentoo.org/glsa/201708-03 -~~	() https://security.gentoo.org/glsa/201708-03 -
References	~~() https://xenbits.xen.org/xsa/advisory-216.html - Mitigation, Vendor Advisory~~	() https://xenbits.xen.org/xsa/advisory-216.html - Mitigation, Vendor Advisory

Information

Published : 2017-07-05 01:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-10911

Mitre link : CVE-2017-10911

CVE.ORG link : CVE-2017-10911

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-10911

6.5^/10

4.9^/10

Attach tags to `CVE-2017-10911`