Out-of-bounds write in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-14316 |
| CWE-ID | CWE-787 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU8424
Risk: Low
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14316
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to out-of-bounds array access in the processing of NUMA node
parameters. An adjacent attacker can invoke specially crafted hypercalls and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.5.0-r0 - 4.6.3-r10
External linkshttp://git.alpinelinux.org/aports/commit/?id=902758ce76df95964c0d12e7cea24d7013cecf81
http://git.alpinelinux.org/aports/commit/?id=9e8bfa9f6da89fa610692d159505391749ab3bdf
http://git.alpinelinux.org/aports/commit/?id=37a17c61fd9573ea51e77597bf4cd57b127d48ea
http://git.alpinelinux.org/aports/commit/?id=ccc49b6e6d7e85267b83fd27bbbc66cd4c17417a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
