SB2018060409 - OpenSUSE Linux update for xen
Published: June 4, 2018
Security Bulletin ID
SB2018060409
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2018-10981)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.The weakness exists due to a failure to reject invalid transitions between states. An adjacent attacker can submit a specially crafted request designed to force the QEMU device model on the system to switch the request between two states, trigger infinite loop and cause the service to crash.
2) Integer overflow (CVE-ID: CVE-2018-10982)
The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges.
3) Speculative Store Bypass (CVE-ID: CVE-2018-3639)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
Remediation
Install update from vendor's website.