SB2016122702 - Input validation error in xen (Alpine package)
Published: December 27, 2016
Security Bulletin ID
SB2016122702
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2016-10024)
The vulnerability allows a local privileged user to a crash the entire system.
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2aae6d20dcc445e55f3afde8a9c1c91f9bb4b7f5
- https://git.alpinelinux.org/aports/commit/?id=da8fdc46be4a3e48a559102b6ff9f2cc78d4a37c
- https://git.alpinelinux.org/aports/commit/?id=e719edc6313651540e9d90f5600c2ed605fa6abf
- https://git.alpinelinux.org/aports/commit/?id=606dbad6dd155ec3aebfba4513206d9bdea93b52
- https://git.alpinelinux.org/aports/commit/?id=28447a61b20ea75536ad2e5ddc7252428ef28fc6
- https://git.alpinelinux.org/aports/commit/?id=19ab9bbd0fd35536a4435e502949ebcefce07b65