Main Vulnerability Database SB2018030629

SB2018030629 - NULL pointer dereference in xen (Alpine package)

Published: March 6, 2018

Security Bulletin ID SB2018030629

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2018-7542)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference. An adjacent attacker can cause the service to crash by leveraging the mishandling of configurations that lack a Local APIC.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=6f854a08591e446ab616d0aac83e843cddcff8a9
https://git.alpinelinux.org/aports/commit/?id=7a017e10fd6de2f5477c69120b540b2cd74652a1
https://git.alpinelinux.org/aports/commit/?id=1fb3325abc8bc3f37fa93c0663908c29e9154087