Resource management error in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-15566 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU29602
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-15566
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in event-channel port allocation in Xen. An attacker with access to guest operating system can consume more than 1023 event channels and crash the hypervisor.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.10.1-r0 - 4.12.3-r1
External linkshttp://git.alpinelinux.org/aports/commit/?id=3992359a2b257143f6d354a15e0d3b338c5d8e45
http://git.alpinelinux.org/aports/commit/?id=4eb93417705cbc9cb434bae5e88502bf944f7652
http://git.alpinelinux.org/aports/commit/?id=054ec5f5456be1d95d13e7b5c5607e9c0ed5904d
http://git.alpinelinux.org/aports/commit/?id=a95c3541d2bc3ba65df7c81a62b776d2fd0ed4ce
http://git.alpinelinux.org/aports/commit/?id=fc28a340a4fd7b262e11f636ab2fafe24e2d05a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
