SB2018030627 - Resource exhaustion in xen (Alpine package)
Published: March 6, 2018
Security Bulletin ID
SB2018030627
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2018-7540)
The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6f854a08591e446ab616d0aac83e843cddcff8a9
- https://git.alpinelinux.org/aports/commit/?id=0cfa2abffc5ad51933b5969c177bd1c441ea06f2
- https://git.alpinelinux.org/aports/commit/?id=a95df62881a771a994c4b38730c4c69b0bf07a0e
- https://git.alpinelinux.org/aports/commit/?id=7a017e10fd6de2f5477c69120b540b2cd74652a1
- https://git.alpinelinux.org/aports/commit/?id=1fb3325abc8bc3f37fa93c0663908c29e9154087