Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-19962 |
CWE-ID | CWE-264 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU16562
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19962
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The weakness exists on AMD x86 platforms due to small IOMMU mappings are unsafely combined into larger ones. An adjacent attacker can gain host OS privileges.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.7.0-r0 - 4.9.3-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=f39fc76089047b3f9b0e1ec06aecb40cc1ac1786
http://git.alpinelinux.org/aports/commit/?id=b1098f74cfa616c0046ba6c5f2d032ac2f1d8e02
http://git.alpinelinux.org/aports/commit/?id=e28e1495e1510e8a1673d135dc5272813b38a0cf
http://git.alpinelinux.org/aports/commit/?id=3157c8cf385f659174a6d95a9218bc3281359513
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.