Vulnerability Details : CVE-2017-10911
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-10911
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-10911
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
2.0
|
4.0
|
NIST |
CWE ids for CVE-2017-10911
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-10911
-
https://xenbits.xen.org/xsa/advisory-216.html
XSA-216 - Xen Security AdvisoriesMitigation;Vendor Advisory
-
https://security.gentoo.org/glsa/201708-03
Gentoo Linux — Error 404 (Not Found)
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
[SECURITY] [DLA 1497-1] qemu security update
-
http://www.debian.org/security/2017/dsa-3920
Debian -- Security Information -- DSA-3920-1 qemu
-
http://www.debian.org/security/2017/dsa-3927
Debian -- Security Information -- DSA-3927-1 linux
-
http://www.debian.org/security/2017/dsa-3945
Debian -- Security Information -- DSA-3945-1 linux
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/99162
Xen 'blkif' Response Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
xen-blkback: don't leak stack data via response ring · torvalds/linux@089bc01 · GitHubPatch;Third Party Advisory
-
http://www.securitytracker.com/id/1038720
Xen Block Interface Response Initialization Error Lets Local Guest System Users Obtain Potentially Sensitive Information from Other Guest Systems or the Host System - SecurityTrackerVDB Entry;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
Mailing List;Third Party Advisory
Products affected by CVE-2017-10911
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*