QwikSec

Security Database

CVE

CWE

Training

CVE-2017-10911

Published: Jul 5, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://xenbits.xen.org/xsa/advisory-216.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.