VDB
CVE-2017-10911
CVE-2017-10911
PUBLISHED
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
EPSS 0.04% · 14.2th percentile
Risk Scores
EPSS Score
0.04%
14.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1059.67~20.04.1.1, 5.15.0-1098.107~20.04.1.1, 5.15.0-1102.111~20.04.1.1 |
| Ubuntu:16.04:LTS | qemu | 1:2.5+dfsg-1ubuntu4, 1:2.5+dfsg-1ubuntu3, 1:2.5+dfsg-1ubuntu2 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | *, 6.11.0-1017.17~24.04.1, 6.11.0-1016.16~24.04.1 |
| Ubuntu:14.04:LTS | linux-lts-xenial | 4.4.0-75.96~14.04.1, 4.4.0-72.93~14.04.1, 4.4.0-67.88~14.04.1 |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1008.13, 0, 4.4.0-1004.9 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:14.04:LTS | linux | 3.13.0-65.106, 3.13.0-8.28, 3.13.0-10.30 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1032.36, 4.4.0-1044.48, 4.4.0-1042.46 |
| Ubuntu:24.04:LTS | linux-azure-6.11 | *, *, 6.11.0-1018.18~24.04.1 |
| Ubuntu:16.04:LTS | linux-gcp | 0, 4.10.0-1006.6, 4.10.0-1007.7 |
| Ubuntu:16.04:LTS | linux-hwe | 4.8.0-46.49~16.04.1, 0, 4.8.0-36.36~16.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1044.51, 4.4.0-1042.49, 4.4.0-1040.47 |
| Ubuntu:16.04:LTS | linux | 4.4.0-22.40, 4.4.0-22.39, 4.4.0-21.37 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:24.04:LTS | linux-lowlatency-hwe-6.11 | 6.11.0-1016.17~24.04.1, 6.11.0-1015.16~24.04.2, 6.11.0-1014.15~24.04.1 |
| Ubuntu:16.04:LTS | linux-gke | 4.4.0-1005.6, 4.4.0-1003.3, 4.4.0-1018.18 |
| Ubuntu:24.04:LTS | linux-hwe-6.11 | *, 6.11.0-28.28~24.04.1, 6.11.0-26.26~24.04.1 |
| Ubuntu:16.04:LTS | linux-aws | 0, 4.4.0-1013.22, 4.4.0-1007.16 |
| Ubuntu:14.04:LTS | qemu | 1.7.0+dfsg-2ubuntu7, 1.7.0+dfsg-2ubuntu5, 1.7.0+dfsg-2ubuntu4 |
Timeline
- Jul 4, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-10911 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-216.html third-party-advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341 third-party-advisory
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 third-party-advisory
- https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341 third-party-advisory
- https://ubuntu.com/security/notices/USN-3414-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3468-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3468-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-3469-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3469-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-3468-3 vendor-advisory
- https://ubuntu.com/security/notices/USN-3470-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3470-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-10911 third-party-advisory