SB2018043024 - Out-of-bounds write in xen (Alpine package)
Published: April 30, 2018
Security Bulletin ID
SB2018043024
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2018-10471)
The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists due to an unconditional write attempt of the value zero to an address near 2^64. An adjacent attacker can cause the service to crash or execute arbitrary code via unexpected INT 80 processing.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cf5828feef63ab62588f29482b15001535c73719
- https://git.alpinelinux.org/aports/commit/?id=96018bf2841ac59b632f6d84ad6247b5b825dc3a
- https://git.alpinelinux.org/aports/commit/?id=d2a71459869989207ef392e3d8338330ee055a7f
- https://git.alpinelinux.org/aports/commit/?id=9bdda5f2061773ab7f74bacd75ba922ce5fef8ac
- https://git.alpinelinux.org/aports/commit/?id=95c1be17ba7dd9d974289b72613f50e74a20e0a2
- https://git.alpinelinux.org/aports/commit/?id=73f6ed4311545e458f14db858c74d8d332f9c100