6.5

CVE-2017-10911

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.11.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2 4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.debian.org/security/2017/dsa-3920
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
Patch
Third Party Advisory
Mailing List
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/99162
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038720
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201708-03
https://xenbits.xen.org/xsa/advisory-216.html
Vendor Advisory
Mitigation