Lucene search

PRIOn knowledge basePRION:CVE-2017-10911

HistoryJul 05, 2017 - 1:29 a.m.

Design/Logic Flaw

2017-07-0501:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

CPENameOperatorVersion
linux_kernelle4.11.7

CPE	Name	Operator	Version
	linux_kernel	le	4.11.7

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341

www.debian.org/security/2017/dsa-3920

www.debian.org/security/2017/dsa-3927

www.debian.org/security/2017/dsa-3945

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8

www.securityfocus.com/bid/99162

www.securitytracker.com/id/1038720

github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341

lists.debian.org/debian-lts-announce/2018/09/msg00007.html

security.gentoo.org/glsa/201708-03

xenbits.xen.org/xsa/advisory-216.html