SB2016022413 - Improper access control in qemu (Alpine package)
Published: February 24, 2016
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2015-8550)
The vulnerability allows a local privileged user to execute arbitrary code.
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
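The double-fetch pattern named in the description, shown as an added example that is not Xen or QEMU code and is not taken from the referenced commits: a backend validates a length field in memory the guest can still write, then reads the field again to use it. The structure layout, the function names and the between_reads hook (which stands in for a concurrent guest write) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 64u

/* Constructed request layout in a page shared with the guest frontend;
 * the guest can rewrite any field at any time. */
struct shared_req {
    volatile uint32_t len;
    volatile uint8_t data[256];
};

/* Hypothetical hook standing in for a guest write between two backend reads. */
static void (*between_reads)(struct shared_req *);

/* Double fetch: len is read once to validate and again to use. Returns the
 * length that would reach the copy (copy omitted so the demo stays safe). */
long backend_double_fetch(struct shared_req *req)
{
    if (req->len > BUF_SIZE)               /* fetch 1: check */
        return -1;
    if (between_reads) between_reads(req); /* guest rewrites len here */
    return (long)req->len;                 /* fetch 2: use, never checked */
}

/* Hardened: read the field once into private memory, then validate and use
 * only that snapshot. Later guest writes cannot change the checked value. */
long backend_single_fetch(struct shared_req *req, uint8_t out[BUF_SIZE])
{
    uint32_t len = req->len;               /* the only read of shared len */
    if (len > BUF_SIZE) return -1;
    if (between_reads) between_reads(req);
    for (uint32_t i = 0; i < len; i++)     /* bounded by the private copy */
        out[i] = req->data[i];
    return (long)len;
}

static void guest_grows_len(struct shared_req *req) { req->len = 200; }

/* Runs one variant against the same constructed race (16 -> 200). */
long demo(int hardened)
{
    struct shared_req req = { .len = 16 };
    uint8_t out[BUF_SIZE];
    between_reads = guest_grows_len;
    return hardened ? backend_single_fetch(&req, out) : backend_double_fetch(&req);
}

int main(void) { printf("%ld %ld\n", demo(0), demo(1)); return 0; }
```

The first variant passes validation with 16 and then acts on 200, past the 64-byte bound; the second keeps using the 16 it validated.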
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=308e70ec22018c4261570b300675d9145dfea9f0
- https://git.alpinelinux.org/aports/commit/?id=06df930789bedccfba2146420a9f2f943e9015f2
- https://git.alpinelinux.org/aports/commit/?id=a148c910b9b3d31765e4d315b0db4f5195ffeb82
- https://git.alpinelinux.org/aports/commit/?id=5de48aa6054001fbbb268a8b9dfde035c7478b6a
- https://git.alpinelinux.org/aports/commit/?id=ed9dc5651926188f0fe277a0e5a51961ee5545f1
- https://git.alpinelinux.org/aports/commit/?id=7e224e4ae1720e18573440dfbecc06d0b2fdee56
- https://git.alpinelinux.org/aports/commit/?id=a145cb0cac7f44ec96bad04dc0dadd4d8c6f632b