Memory corruption in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-17563 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
IBM Systems Director Server applications / Other server solutions xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor |
IBM Corporation Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory corruption
EUVDB-ID: #VU10611
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17563
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition on a targeted host system.
The weakness exists due to insufficient reference count overflow checking. An adjacent attacker can use a mask that is larger than the reference count that is set on a targeted system, trigger memory corruption and cause the hypervisor to crash or gain elevated privileges.
Install update from vendor's website.
Vulnerable software versionsIBM Systems Director: 6.3.2.2
xen (Alpine package): 0.16 - 0.35
xen (Alpine package): 0.2 - 0.9
xen (Alpine package): 0.4
xen (Alpine package): 2.5.3 - 2.17.5ubuntu1
xen (Alpine package): 3.4.0-1
xen (Alpine package): 0.14-1 - 0.15-2
xen (Alpine package): 2014.1-3
xen (Alpine package): 24.0-0ubuntu1
xen (Alpine package): 0.5.2-0ubuntu1 - 1.2.5ubuntu1daily13.06.14-0ubuntu1
xen (Alpine package): 3.0-0ubuntu1
xen (Alpine package): 1.5.2 - 1.6.2
xen (Alpine package): 0.1.8 - 1.0.75
xen (Alpine package): 1.20.0 - 2.18.2
xen (Alpine package): 20101020ubuntu323 - 20101020ubuntu468
xen (Alpine package): 0.3.1-0ubuntu1 - 0.10.0-3
xen (Alpine package): 0.22.1-1build1 - 0.22.1-1
xen (Alpine package): 2.1.2-1 - 2.1.26.dfsg1-14
xen (Alpine package): 0.5.16-3.5ubuntu1 - 0.5.17-6
xen (Alpine package): 1.3-1
xen (Alpine package): 6.5.2-4 - 7.35.0-1
xen (Alpine package): 1.3.9-17 - 2.0.3-2
xen (Alpine package): 0.1.2-1 - 0.2.6-1ubuntu1
xen (Alpine package): 1.0.47-2 - 1.0.64-0ubuntu1
xen (Alpine package): 0.100-3
xen (Alpine package): 2:1.0.6-2ubuntu7 - 2:1.6.4-1
xen (Alpine package): 0.8 - 9ubuntu2
xen (Alpine package): 3.0pl1-50 - 3.0pl1-119
xen (Alpine package): 1.0.0-0ubuntu1 - 1.0.0-0ubuntu2
xen (Alpine package): expression - 7.1.1-1
xen (Alpine package): 2.8.13-7 - 2.8.13-10
xen (Alpine package): 2.4.2-16 - 2.7-1
xen (Alpine package): 0.92-0ubuntu3 - 0.98-1
xen (Alpine package): 4.5.7-1 - 8.20-3ubuntu4
xen (Alpine package): 0.2.10-3 - 0.4.6-3
xen (Alpine package): 1.5 - 1.141
xen (Alpine package): 1:0.8.6-0ubuntu4 - 1:0.9.7.6-0ubuntu2
xen (Alpine package): 0.3ubuntu7 - 0.3ubuntu15.2
xen (Alpine package): 1.2.12-1ubuntu1 - 1.2.12-1
xen (Alpine package): 0.7-svn20050721 - 1.4.29-1
xen (Alpine package): 2.8.12.1-1.6 - 3.9.0-1
xen (Alpine package): 1.0.5-2 - 1.0.8-3
xen (Alpine package): 0.25-0ubuntu1 - 0.25-0ubuntu3
xen (Alpine package): 0.9-0ubuntu1 - 0.12-0ubuntu1
xen (Alpine package): 2.2.0b2
xen (Alpine package): r12.0 nil
xen (Alpine package): 3.0
xen (Alpine package):
xen (Alpine package): before 4.6.6-r3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_systems_director:6.3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.16:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.28:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.34:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.9:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.5.3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.6.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.4.0-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.14-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2014.1-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:24.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.5.2-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.5.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.1.8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.20.0:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:20101020ubuntu323:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3.1-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.22.1-1build1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.1.2-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.5.16-3.5ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.3-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:6.5.2-4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.3.9-17:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.1.2-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.47-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.100-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2:1.0.6-2ubuntu7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0pl1-50:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:expression:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.8.13-7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.4.2-16:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.92-0ubuntu3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:4.5.7-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.10-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1:0.8.6-0ubuntu4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3ubuntu7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.2.12-1ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.7-svn20050721:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.8.12.1-1.6:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.5-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.25-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.9-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.2.0b2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package::*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:*:*:*:*:*:alpine_linux:*:3.3
https://git.alpinelinux.org/aports/commit/?id=6e2ae39b5d0e697b956f42282f5cb9e6ecfb2e29
https://git.alpinelinux.org/aports/commit/?id=8a03efa3f54d603aed0da0d4fd9b7439388a64cd
https://git.alpinelinux.org/aports/commit/?id=2e27888986ee5f1a314e43e670e33e3ba45fe107
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
