Side-channel attack in xen (Alpine package)



Published: 2018-09-06
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-3620
CWE-ID: CWE-200
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: xen (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Side-channel attack

EUVDB-ID: #VU14411

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3620

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. A local attacker can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

xen (Alpine package): 4.6.0-r0 - 4.8.4-r0

External links

http://git.alpinelinux.org/aports/commit/?id=b1098f74cfa616c0046ba6c5f2d032ac2f1d8e02
http://git.alpinelinux.org/aports/commit/?id=3157c8cf385f659174a6d95a9218bc3281359513
http://git.alpinelinux.org/aports/commit/?id=fa4aef12fe69b28f195024708e67ea7e48e9fca6
http://git.alpinelinux.org/aports/commit/?id=8a2e635d73f2f09c768259b4730dcf3f55d0ed93
http://git.alpinelinux.org/aports/commit/?id=ca1b59327d93bdc40e475877934ab83be23847f1
http://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


