SB2018051743 - Integer overflow in xen (Alpine package)
Published: May 17, 2018
Security Bulletin ID
SB2018051743
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2018-10982)
The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cf5828feef63ab62588f29482b15001535c73719
- https://git.alpinelinux.org/aports/commit/?id=66ff4f8a6b71dd204bc568c21c45941d612402c2
- https://git.alpinelinux.org/aports/commit/?id=96018bf2841ac59b632f6d84ad6247b5b825dc3a
- https://git.alpinelinux.org/aports/commit/?id=5f72054ca4ac3f0f8f05c17a83a9c203f580bddc
- https://git.alpinelinux.org/aports/commit/?id=d2a71459869989207ef392e3d8338330ee055a7f
- https://git.alpinelinux.org/aports/commit/?id=9a8ee8c0046132a4ccaab5cffc615967367db70d
- https://git.alpinelinux.org/aports/commit/?id=9bdda5f2061773ab7f74bacd75ba922ce5fef8ac