SB2016081110 - NULL pointer dereference in xen (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2016-5242)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. <a href="http://cwe.mitre.org/data/definitions/476. A remote attacker can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=39334b55a641271e04b6529e4ba75f780b232a6c
• https://git.alpinelinux.org/aports/commit/?id=59d51c1852e15d7d5e6d20ca1c5e19b137c2ea37
• https://git.alpinelinux.org/aports/commit/?id=4d9b1191d25346078292e15a72277491186551d1