SB2018030628 - Memory corruption in xen (Alpine package)
Published: March 6, 2018
Security Bulletin ID
SB2018030628
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2018-7541)
The vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6f854a08591e446ab616d0aac83e843cddcff8a9
- https://git.alpinelinux.org/aports/commit/?id=0cfa2abffc5ad51933b5969c177bd1c441ea06f2
- https://git.alpinelinux.org/aports/commit/?id=a95df62881a771a994c4b38730c4c69b0bf07a0e
- https://git.alpinelinux.org/aports/commit/?id=7a017e10fd6de2f5477c69120b540b2cd74652a1
- https://git.alpinelinux.org/aports/commit/?id=1fb3325abc8bc3f37fa93c0663908c29e9154087