SB2016122703 - NULL pointer dereference in xen (Alpine package)
Published: December 27, 2016
Security Bulletin ID
SB2016122703
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2016-10025)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2aae6d20dcc445e55f3afde8a9c1c91f9bb4b7f5
- https://git.alpinelinux.org/aports/commit/?id=da8fdc46be4a3e48a559102b6ff9f2cc78d4a37c
- https://git.alpinelinux.org/aports/commit/?id=e719edc6313651540e9d90f5600c2ed605fa6abf
- https://git.alpinelinux.org/aports/commit/?id=606dbad6dd155ec3aebfba4513206d9bdea93b52
- https://git.alpinelinux.org/aports/commit/?id=28447a61b20ea75536ad2e5ddc7252428ef28fc6
- https://git.alpinelinux.org/aports/commit/?id=19ab9bbd0fd35536a4435e502949ebcefce07b65