SB2015111009 - Improper check or handling of exceptional conditions in linux-grsec (Alpine package)
Published: November 10, 2015
Security Bulletin ID
SB2015111009
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper check or handling of exceptional conditions (CVE-ID: CVE-2015-8104)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.The weakness exists in the KVM subsystem due to many #DB (aka Debug) exceptions, related to svm.c. An adjacent attacker can cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=29678cb92eeeb6dc96ec2e86481345797474ddb8
- https://git.alpinelinux.org/aports/commit/?id=6a020fa149b82307ca356d1a3fe861420eb56d49
- https://git.alpinelinux.org/aports/commit/?id=3d085528053ed26c6d328dbb0c29afbd7741421c
- https://git.alpinelinux.org/aports/commit/?id=7dbea86ac6d1cc87bf497ecefa083787a5ee84c1
- https://git.alpinelinux.org/aports/commit/?id=2b6e9288f839c1f3133b73dd3f7b91f06bcaa6dd
- https://git.alpinelinux.org/aports/commit/?id=d48fe1751d8303757741f6e904adb066c8eb647c