Description
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
References (11)
Core 11
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3927
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3920
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201708-03
Mailing List, Third Party Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99162
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038720
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3945
Mitigation, Vendor Advisory x_refsource_confirm
https://xenbits.xen.org/xsa/advisory-216.html
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
linux/linux_kernel
< 4.11.7
Published
Jul 05, 2017
Tracked Since
Feb 18, 2026