Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-10911

Опубликовано: 20 июн. 2017
Источник: redhat
CVSS3: 3
CVSS2: 1.4
EPSS Низкий

Описание

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 6qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-203
https://bugzilla.redhat.com/show_bug.cgi?id=1458870xen: blkif responses leak backend stack data (XSA-216)

EPSS

Процентиль: 24%
0.00082
Низкий

3 Low

CVSS3

1.4 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-10911

CVSS3: 6.5
ubuntu
больше 8 лет назад

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

nvd логотип

CVE-2017-10911

CVSS3: 6.5
nvd
больше 8 лет назад

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

debian логотип

CVE-2017-10911

CVSS3: 6.5
debian
больше 8 лет назад

The make_response function in drivers/block/xen-blkback/blkback.c in t ...

github логотип

GHSA-ch8x-4fwh-q3hq

CVSS3: 6.5
github
больше 3 лет назад

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

suse-cvrf логотип

openSUSE-SU-2017:2938-1

suse-cvrf
больше 8 лет назад

Security update for qemu

EPSS

Процентиль: 24%
0.00082
Низкий

3 Low

CVSS3

1.4 Low

CVSS2