Denial of service in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-19961 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Denial of service
EUVDB-ID: #VU16002
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19961
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to insufficient TLB flushing after improper large page mappings with AMD IOMMUs. An adjacent attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.7.0-r0 - 4.9.3-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=f39fc76089047b3f9b0e1ec06aecb40cc1ac1786
http://git.alpinelinux.org/aports/commit/?id=b1098f74cfa616c0046ba6c5f2d032ac2f1d8e02
http://git.alpinelinux.org/aports/commit/?id=e28e1495e1510e8a1673d135dc5272813b38a0cf
http://git.alpinelinux.org/aports/commit/?id=3157c8cf385f659174a6d95a9218bc3281359513
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
