SB2018021619 - OpenSUSE Linux update for xen
Published: February 16, 2018
Description
This security bulletin contains information about 10 vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2017-15595)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS conditions on the target system.
The weakness exists due to improper input validation. An adjacent attacker can supply specially crafted page-table stacking, trigger unbounded recursion and stack consumption, and gain elevated privileges or cause a hypervisor crash.
2) Memory corruption (CVE-ID: CVE-2017-17563)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition on a targeted host system.
The weakness exists due to insufficient reference count overflow checking. An adjacent attacker can use a mask that is larger than the reference count that is set on a targeted system, trigger memory corruption and cause the hypervisor to crash or gain elevated privileges.
3) Denial of service (CVE-ID: CVE-2017-17564)
CWE-ID: CWE-388 - Error Handling
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause a DoS condition or gain elevated privileges.
The weakness exists due to improper error handling for reference counts. A remote attacker can trigger memory corruption and cause the hypervisor to crash or gain elevated privileges on the target system.
4) Denial of service (CVE-ID: CVE-2017-17565)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to an improper assertion related to machine-to-physical (M2P) translation table entries. A remote attacker can cause the system to crash.
5) Denial of service (CVE-ID: CVE-2017-17566)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to improper auxiliary page mapping. A remote attacker can cause the system to crash.
6) Out-of-bounds read (CVE-ID: CVE-2017-18030)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists in the cirrus_invalidate_region function in hw/display/cirrus_vga.c due to an out-of-bounds read. A remote attacker can use vectors related to negative pitch, trigger a memory error and cause the QEMU process to crash.
7) Information disclosure (CVE-ID: CVE-2017-5715)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
8) Information disclosure (CVE-ID: CVE-2017-5753)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
9) Information disclosure (CVE-ID: CVE-2017-5754)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
10) Out-of-bounds read (CVE-ID: CVE-2018-5683)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent low-privileged attacker to cause a DoS condition on the target system.
The weakness exists in the vga_draw_text function due to an out-of-bounds read. A remote attacker can leverage improper memory address validation, trigger a memory error and cause the QEMU process to crash.
Remediation
Install the update from the vendor's website.