CVE-2017-10911 — Sensitive Information Exposure in Linux

CWE-200 — Sensitive Information Exposure CWE-203 — Observable Discrepancy23 documents7 sources

Severity

6.5MEDIUMNVD

OSV7.8OSV5.5

EPSS

0.0%

top 86.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Qemu Debian Linux +1 more

Timeline

PublishedJul 5

Latest updateMay 14

Description

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages7 packages

▶Debianlinux/linux_kernel< 4.11.11-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-135.184+1

▶NVDlinux/linux_kernel4.11.7

▶debiandebian/linux< linux 4.11.11-1 (bookworm)

▶debiandebian/qemu< linux 4.11.11-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-ch8x-4fwh-q3hq: The make_response function in drivers/block/xen-blkback/blkback↗2022-05-14

▶

OSV

linux-lts-xenial vulnerabilities↗2017-10-31

▶

OSV

linux vulnerabilities↗2017-10-31

▶

OSV

linux-gcp vulnerabilities↗2017-10-31

▶

OSV

linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2017-10-31

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2017-10-31

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2017-10-31

▶

Ubuntu

Linux kernel vulnerabilities↗2017-10-31

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2017-10-31

▶

Ubuntu

Linux kernel vulnerabilities↗2017-10-31

▶

💬Community

Bugzilla

CVE-2017-10911 CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-10923 xen: various flaws [↗2017-06-20

▶

Bugzilla

CVE-2017-10911 xsa216 xen: blkif responses leak backend stack data (XSA-216)↗2017-06-05

▶