Main Vulnerability Database SB2018010536

SB2018010536 - Memory leak in xen (Alpine package)

Published: January 5, 2018

Security Bulletin ID SB2018010536

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Memory leak (CVE-ID: CVE-2017-15593)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an adjacent attacker to cause DoS conditions on the target system.

The weakness exists due to mishandling of reference counts. An adjacent attacker can trigger memory leak and cause the service to crash.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=0fab8db7500d0c5f6eb28d74ecfc5d9e4fd379e3
https://git.alpinelinux.org/aports/commit/?id=eac7d0a6acaaa7d2ab03a2ce4bfe967a6bba9036
https://git.alpinelinux.org/aports/commit/?id=dc1cbe038e2494f5fa124e3d2942987672acafa6