Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-10911

Date: July 4, 2017

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Language: C

Severity Score

Related Resources (15)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
https://security-tracker.debian.org/tracker/CVE-2017-10911
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911
https://nvd.nist.gov/vuln/detail/CVE-2017-10911
https://xenbits.xen.org/xsa/advisory-216.html
http://www.securityfocus.com/bid/99162
http://www.debian.org/security/2017/dsa-3920
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
http://www.securitytracker.com/id/1038720
https://security.gentoo.org/glsa/201708-03
http://www.debian.org/security/2017/dsa-3945
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.debian.org/security/2017/dsa-3927
https://www.mend.io/vulnerability-database/CVE-2017-10911

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us