CVE-2017-10911
Description
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.082
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-3406-1) linux-image-generic_3.13.0.135.144_i386.deb | Linux |
| Linux kernel (USN-3406-1) linux-image-lowlatency_3.13.0.135.144_i386.deb | Linux |
| Machine emulator and virtualizer (USN-3414-1) qemu_2.8+dfsg-3ubuntu2.4_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3443-2) linux-image-generic-hwe-16.04_4.10.0.38.40_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3443-2) linux-image-generic-hwe-16.04_4.10.0.38.40_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3443-2) linux-image-lowlatency-hwe-16.04_4.10.0.38.40_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3443-2) linux-image-lowlatency-hwe-16.04_4.10.0.38.40_amd64.deb | Linux |
| Linux kernel (USN-3444-1) linux-image-aws_4.4.0.1039.41_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3468-2) linux-image-4.10.0-38-generic_4.10.0-38.42~16.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3468-2) linux-image-4.10.0-38-generic_4.10.0-38.42~16.04.1_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3468-2) linux-image-4.10.0-38-lowlatency_4.10.0-38.42~16.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3468-2) linux-image-4.10.0-38-lowlatency_4.10.0-38.42~16.04.1_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3468-3) linux-image-4.10.0-1008-gcp_4.10.0-1008.8_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-1009-kvm_4.4.0-1009.14_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-1033-gke_4.4.0-1033.33_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-1039-aws_4.4.0-1039.48_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-98-generic_4.4.0-98.121_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-98-generic_4.4.0-98.121_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-98-lowlatency_4.4.0-98.121_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-4.4.0-98-lowlatency_4.4.0-98.121_amd64.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-generic_3.13.0.135.144_i386.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-generic_3.13.0.135.144_amd64.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-lowlatency_3.13.0.135.144_i386.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-lowlatency_3.13.0.135.144_amd64.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-3.13.0-135-generic_3.13.0-135.184_i386.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-3.13.0-135-generic_3.13.0-135.184_amd64.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-3.13.0-135-lowlatency_3.13.0-135.184_i386.deb | Linux |
| Linux kernel (USN-3470-1) linux-image-3.13.0-135-lowlatency_3.13.0-135.184_amd64.deb | Linux |
| Linux kernel (USN-3468-1) linux-image-4.10.0-38-generic_4.10.0-38.42_i386.deb | Linux |
| Linux kernel (USN-3468-1) linux-image-4.10.0-38-generic_4.10.0-38.42_amd64.deb | Linux |
| Linux kernel (USN-3468-1) linux-image-4.10.0-38-lowlatency_4.10.0-38.42_i386.deb | Linux |
| Linux kernel (USN-3468-1) linux-image-4.10.0-38-lowlatency_4.10.0-38.42_amd64.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3469-2) linux-image-4.4.0-98-generic_4.4.0-98.121~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3469-2) linux-image-4.4.0-98-generic_4.4.0-98.121~14.04.1_amd64.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3469-2) linux-image-4.4.0-98-lowlatency_4.4.0-98.121~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3469-2) linux-image-4.4.0-98-lowlatency_4.4.0-98.121~14.04.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234