Medium severity6.5NVD Advisory· Published Jul 5, 2017· Updated Jun 17, 2026
CVE-2017-10911
CVE-2017-10911
Description
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- osv-coords15 versionspkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%206
< 2.6.2-41.22.2+ 14 more
- (no CPE)range: < 2.6.2-41.22.2
- (no CPE)range: < 2.9.1-6.6.3
- (no CPE)range: < 2.3.1-33.3.3
- (no CPE)range: < 2.6.2-41.22.2
- (no CPE)range: < 2.9.1-6.6.3
- (no CPE)range: < 2.6.2-41.22.2
- (no CPE)range: < 2.3.1-33.3.3
- (no CPE)range: < 2.6.2-41.22.2
- (no CPE)range: < 2.9.1-6.6.3
- (no CPE)range: < 2.3.1-33.3.3
- (no CPE)range: < 4.5.5_12-22.18.1
- (no CPE)range: < 4.4.4_21-22.42.1
- (no CPE)range: < 4.4.4_21-22.42.1
- (no CPE)range: < 4.5.5_12-22.18.1
- (no CPE)range: < 4.5.5_12-22.18.1
Patches
Vulnerability mechanics
References
11- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdMailing ListPatchThird Party Advisory
- github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341nvdPatchThird Party Advisory
- www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/99162nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038720nvdThird Party AdvisoryVDB Entry
- xenbits.xen.org/xsa/advisory-216.htmlnvdMitigationVendor Advisory
- www.debian.org/security/2017/dsa-3920nvd
- www.debian.org/security/2017/dsa-3927nvd
- www.debian.org/security/2017/dsa-3945nvd
- lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlnvd
- security.gentoo.org/glsa/201708-03nvd
News mentions
0No linked articles in our index yet.