Medium severity6.5NVD Advisory· Published Jul 5, 2017· Updated May 13, 2026

CVE-2017-10911

Description

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <=4.11.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdMailing ListPatchThird Party Advisory
github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341nvdPatchThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/99162nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038720nvdThird Party AdvisoryVDB Entry
xenbits.xen.org/xsa/advisory-216.htmlnvdMitigationVendor Advisory
www.debian.org/security/2017/dsa-3920nvd
www.debian.org/security/2017/dsa-3927nvd
www.debian.org/security/2017/dsa-3945nvd
lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlnvd
security.gentoo.org/glsa/201708-03nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000