6.5
CVE-2017-10911
- EPSS 0.45%
- Veröffentlicht 05.07.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 4.11.7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.353 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.debian.org/security/2017/dsa-3920
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
http://www.securityfocus.com/bid/99162
http://www.securitytracker.com/id/1038720
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
https://security.gentoo.org/glsa/201708-03
https://xenbits.xen.org/xsa/advisory-216.html