SB2018121502 - Null pointer dereference in xen (Alpine package)
Published: December 15, 2018
Security Bulletin ID
SB2018121502
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Null pointer dereference (CVE-ID: CVE-2018-18883)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference when handling malicious input. A x86 HVM and PVH guest can send specially crafted content, execute arbitrary virtualization instructions, trigger null pointer deference and cause the service to crash on the host system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=f39fc76089047b3f9b0e1ec06aecb40cc1ac1786
- https://git.alpinelinux.org/aports/commit/?id=b1098f74cfa616c0046ba6c5f2d032ac2f1d8e02
- https://git.alpinelinux.org/aports/commit/?id=e28e1495e1510e8a1673d135dc5272813b38a0cf
- https://git.alpinelinux.org/aports/commit/?id=3157c8cf385f659174a6d95a9218bc3281359513
- https://git.alpinelinux.org/aports/commit/?id=fa4aef12fe69b28f195024708e67ea7e48e9fca6
- https://git.alpinelinux.org/aports/commit/?id=8a2e635d73f2f09c768259b4730dcf3f55d0ed93