Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-12891 |
CWE-ID | CWE-264 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | xen (Alpine package): Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU13520
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12891
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists on x86 systems due to an unspecified flaw. An adjacent attacker can invoke certain PV MMU operations to preempt the current vCPU, prevent use of a physical CPU and cause the system to crash.
Mitigation
Install update from vendor's website.
Vulnerable software versions
xen (Alpine package): 4.6.0-r0 - 4.7.5-r0
CPE2.3
https://git.alpinelinux.org/aports/commit/?id=ca1b59327d93bdc40e475877934ab83be23847f1
https://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4
https://git.alpinelinux.org/aports/commit/?id=bafb572dda2d0814641af68fa0cceff256bc3705
https://git.alpinelinux.org/aports/commit/?id=afa60b4355e66c59078ac08cf7997c5f9c4d9f48
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.