SB2016122010 - Improper access control in xen (Alpine package)
Published: December 20, 2016
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2016-9817)
The vulnerability allows a local authenticated user to crash the entire system.
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=da85ca277a6878be7b6a40d6904d52c522ed214d
- https://git.alpinelinux.org/aports/commit/?id=e719edc6313651540e9d90f5600c2ed605fa6abf
- https://git.alpinelinux.org/aports/commit/?id=606dbad6dd155ec3aebfba4513206d9bdea93b52
- https://git.alpinelinux.org/aports/commit/?id=429e21cec4a19bb630e26ace13a7e81c4d8bc5dd
- https://git.alpinelinux.org/aports/commit/?id=bb51c7f4170f84a98bc3789732d7c06ab575323f