SB2020071105 - Resource management error in xen (Alpine package)
Published: July 11, 2020
Security Bulletin ID
SB2020071105
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Resource management error (CVE-ID: CVE-2020-15566)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in event-channel port allocation in Xen. An attacker with access to guest operating system can consume more than 1023 event channels and crash the hypervisor.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3992359a2b257143f6d354a15e0d3b338c5d8e45
- https://git.alpinelinux.org/aports/commit/?id=4eb93417705cbc9cb434bae5e88502bf944f7652
- https://git.alpinelinux.org/aports/commit/?id=054ec5f5456be1d95d13e7b5c5607e9c0ed5904d
- https://git.alpinelinux.org/aports/commit/?id=a95c3541d2bc3ba65df7c81a62b776d2fd0ed4ce
- https://git.alpinelinux.org/aports/commit/?id=fc28a340a4fd7b262e11f636ab2fafe24e2d05a2