CVE-2017-10911

NameCVE-2017-10911
DescriptionThe make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1099-1, DLA-1497-1, DSA-3920-1, DSA-3927-1, DSA-3945-1
NVD severitymedium (attack range: local)
Debian Bugs869706

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1fixed
jessie (security)3.16.72-1fixed
stretch4.9.168-1fixed
stretch (security)4.9.168-1+deb9u5fixed
buster4.19.37-5fixed
buster (security)4.19.37-5+deb10u2fixed
bullseye4.19.37-6fixed
sid5.2.9-2fixed
qemu (PTS)jessie1:2.1+dfsg-12+deb8u6vulnerable
jessie (security)1:2.1+dfsg-12+deb8u11fixed
stretch1:2.8+dfsg-6+deb9u5fixed
stretch (security)1:2.8+dfsg-6+deb9u7fixed
buster1:3.1+dfsg-8~deb10u1fixed
bullseye, sid1:3.1+dfsg-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.11.11-1medium
linuxsourcejessie3.16.43-2+deb8u3mediumDSA-3945-1
linuxsourcestretch4.9.30-2+deb9u3mediumDSA-3927-1
linuxsourcewheezy3.2.93-1mediumDLA-1099-1
qemusource(unstable)1:2.8+dfsg-7medium869706
qemusourcejessie1:2.1+dfsg-12+deb8u7mediumDLA-1497-1
qemusourcestretch1:2.8+dfsg-6+deb9u1mediumDSA-3920-1
qemu-kvmsource(unstable)(unfixed)medium

Notes

[wheezy] - qemu <no-dsa> (Wheezy's xen uses an embedded qemu copy)
[wheezy] - qemu-kvm <no-dsa> (Wheezy's xen uses an embedded qemu copy)
https://xenbits.xen.org/xsa/advisory-216.html

Search for package or bug name: Reporting problems