SB20180404116 - Denial of service in xen (Alpine package)
Published: April 4, 2018
Security Bulletin ID
SB20180404116
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2018-12891)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists on x86 systems due to unspecified flaw. An adjacent attacker can invoke certain PV MMU operations to preempt the current vCPU, prevent use of a physical CPU and cause the system to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=ca1b59327d93bdc40e475877934ab83be23847f1
- https://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4
- https://git.alpinelinux.org/aports/commit/?id=bafb572dda2d0814641af68fa0cceff256bc3705
- https://git.alpinelinux.org/aports/commit/?id=afa60b4355e66c59078ac08cf7997c5f9c4d9f48