Main Vulnerability Database SB2016050934

SB2016050934 - Input validation error in linux-vanilla (Alpine package)

Published: May 9, 2016

Security Bulletin ID SB2016050934

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2016-3961)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=b23dbe4b3fa4109d375d6e95f249a1528219b6fb
https://git.alpinelinux.org/aports/commit/?id=7be5a1acd6d9c82c166502cf565830d21e5a24ca