CrOS: CVE-2017-10911: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-10911
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-10911
CVSS severity score: 4.9/10.0

Description: The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
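The leak pattern named in the description, as an added example that is not part of the original issue or of the kernel patch: a response object is filled field by field and then copied whole, so its padding bytes reach the guest as well. The struct layout, the function names and the 0xA5 stale-data marker are assumptions made for this demonstration and are not the Xen definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover host stack data */
/* Hypothetical response layout (not the Xen header): the compiler pads after
 * `operation` and after `status` so that `id` stays naturally aligned. */
struct demo_response {
    uint64_t id;
    uint8_t  operation;
    int16_t  status;
};
#define RSP_SIZE sizeof(struct demo_response)

/* Store the three named fields at their offsets; padding bytes are not touched. */
static void put_fields(unsigned char *dst, uint64_t id, uint8_t op, int16_t st)
{
    memcpy(dst + offsetof(struct demo_response, id), &id, sizeof id);
    memcpy(dst + offsetof(struct demo_response, operation), &op, sizeof op);
    memcpy(dst + offsetof(struct demo_response, status), &st, sizeof st);
}

/* Pattern from the CVE text: build the response in a scratch object whose
 * padding was never initialised, then copy the whole object to the guest. */
void respond_copy_whole(unsigned char *guest_slot, uint64_t id, uint8_t op, int16_t st)
{
    unsigned char scratch[RSP_SIZE];
    memset(scratch, STALE, sizeof scratch);      /* simulate stale stack contents */
    put_fields(scratch, id, op, st);
    memcpy(guest_slot, scratch, sizeof scratch); /* padding is copied along */
}

/* Hardened variant: zero the whole object before filling it. */
void respond_zeroed(unsigned char *guest_slot, uint64_t id, uint8_t op, int16_t st)
{
    unsigned char scratch[RSP_SIZE];
    memset(scratch, 0, sizeof scratch);
    put_fields(scratch, id, op, st);
    memcpy(guest_slot, scratch, sizeof scratch);
}

/* Count guest-visible bytes that still carry the stale marker. */
size_t stale_bytes(const unsigned char *guest_slot)
{
    size_t n = 0;
    for (size_t i = 0; i < RSP_SIZE; i++)
        n += (guest_slot[i] == STALE);
    return n;
}
```

The stale contents are simulated with a fixed fill so the result is deterministic; in a real build the padding would hold whatever the stack last contained.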
Jul 16 2017
upstream commit 089bc0143f489bd3a4578bdff5f4ca68fb26f341
Jul 16 2017
Jul 26 2017
Hi -- apologies I was unexpectedly out last week - Guenter could you take a look?
Jul 26 2017
I can, but I'll be on PTO until next Wednesday. It waited so long, guess it can wait a bit longer.
Aug 2 2017
Applying the upstream patch causes conflicts. We don't use Xen, and thus won't be able to test patch results. As such, risk of fixing the problem is higher than just leaving it alone.
Comment 1 by raymes@chromium.org, Jul 15 2017
Owner: sonnyrao@chromium.org
Status: Assigned (was: Untriaged)