| Revision Date: | 2017-07-04 | Version: | 1 | | Title: | CVE-2017-10911 on Ubuntu 18.04 LTS (bionic) - medium. | | Description: | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2017-10911
| | Platform(s): | Ubuntu 18.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in bionic is not affected (note: '4.13.0-16.19').
OR NOT While related to the CVE in some way, the 'linux-aws' package in bionic is not affected (note: '4.15.0-1001.1').
OR NOT While related to the CVE in some way, the 'linux-azure' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-gcp' package in bionic is not affected (note: '4.15.0-1001.1').
OR NOT While related to the CVE in some way, the 'linux-gcp-edge' package in bionic is not affected (note: '4.18.0-1004.5~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-gke' package in bionic is not affected.
OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected (note: '4.18.0-13.14~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-14.15~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-kvm' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-oem' package in bionic is not affected (note: '4.15.0-1002.3').
OR NOT While related to the CVE in some way, the 'linux-oracle' package in bionic is not affected (note: '4.15.0-1007.9').
OR NOT While related to the CVE in some way, the 'linux-raspi2' package in bionic is not affected (note: '4.13.0-1005.5').
OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in bionic is not affected (note: '4.4.0-1078.83').
OR NOT While related to the CVE in some way, the 'qemu' package in bionic is not affected (note: '1:2.10+dfsg-0ubuntu1').
OR NOT While related to the CVE in some way, the 'xen' package in bionic is not affected (note: 'kernel and qemu').
|
|