SB2018022718 - Memory corruption in xen (Alpine package)
Published: February 27, 2018
Security Bulletin ID
SB2018022718
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2017-17563)
The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition on a targeted host system.The weakness exists due to insufficient reference count overflow checking. An adjacent attacker can use a mask that is larger than the reference count that is set on a targeted system, trigger memory corruption and cause the hypervisor to crash or gain elevated privileges.
Remediation
Install update from vendor's website.