Denial of service in xen (Alpine package)



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-12893
CWE-ID: CWE-264
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: xen (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Denial of service

EUVDB-ID: #VU13521

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-12893

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists on x86 systems due to an unspecified flaw. An adjacent attacker can invoke hardware debugging facilities, trigger a debug exception and cause the system to crash.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

xen (Alpine package): 4.6.0-r0 - 4.7.5-r0

External links

https://git.alpinelinux.org/aports/commit/?id=ca1b59327d93bdc40e475877934ab83be23847f1
https://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4
https://git.alpinelinux.org/aports/commit/?id=66ff4f8a6b71dd204bc568c21c45941d612402c2
https://git.alpinelinux.org/aports/commit/?id=bafb572dda2d0814641af68fa0cceff256bc3705
https://git.alpinelinux.org/aports/commit/?id=afa60b4355e66c59078ac08cf7997c5f9c4d9f48


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


