CVE-2017-10911 : The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS user

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Published 2017-07-05 01:29:01

Updated 2018-09-07 10:29:02

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2017-10911

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-10911

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:C/I:N/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	2.0	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-10911

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-10911

https://xenbits.xen.org/xsa/advisory-216.html

XSA-216 - Xen Security Advisories
Mitigation;Vendor Advisory
https://security.gentoo.org/glsa/201708-03

Gentoo Linux — Error 404 (Not Found)

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

[SECURITY] [DLA 1497-1] qemu security update

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3920

Debian -- Security Information -- DSA-3920-1 qemu

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3927

Debian -- Security Information -- DSA-3927-1 linux

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3945

Debian -- Security Information -- DSA-3945-1 linux

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Third Party Advisory
http://www.securityfocus.com/bid/99162

Xen 'blkif' Response Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341

xen-blkback: don't leak stack data via response ring · torvalds/linux@089bc01 · GitHub
Patch;Third Party Advisory
http://www.securitytracker.com/id/1038720

Xen Block Interface Response Initialization Error Lets Local Guest System Users Obtain Potentially Sensitive Information from Other Guest Systems or the Host System - SecurityTracker
VDB Entry;Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8

Mailing List;Third Party Advisory

Products affected by CVE-2017-10911

Linux » Linux Kernel
Versions up to, including, (<=) 4.11.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-10911

Exploit prediction scoring system (EPSS) score for CVE-2017-10911

CVSS scores for CVE-2017-10911

CWE ids for CVE-2017-10911

References for CVE-2017-10911

Products affected by CVE-2017-10911