Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-14316 |
CWE-ID | CWE-787 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | xen (Alpine package): Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU8424
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14316
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to out-of-bounds array access in the processing of NUMA node parameters. An adjacent attacker can invoke specially crafted hypercalls and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versions
xen (Alpine package): 4.5.0-r0 - 4.6.3-r10
https://git.alpinelinux.org/aports/commit/?id=902758ce76df95964c0d12e7cea24d7013cecf81
https://git.alpinelinux.org/aports/commit/?id=9e8bfa9f6da89fa610692d159505391749ab3bdf
https://git.alpinelinux.org/aports/commit/?id=37a17c61fd9573ea51e77597bf4cd57b127d48ea
https://git.alpinelinux.org/aports/commit/?id=ccc49b6e6d7e85267b83fd27bbbc66cd4c17417a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.