SB2019123142 - Resource management error in xen (Alpine package)
Published: December 31, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2019-18422)
The vulnerability allows a local user to perform a denial of service (DoS) attack or possibly escalate privileges.
The vulnerability exists due to the way Xen handles exceptions taken without a change of processor level on ARM systems. A local user can force critical Xen code to run with interrupts erroneously enabled during exception entry, which may lead to data corruption, denial of service and potential privilege escalation.
Note: the vulnerability affects ARM systems only.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b56efe8db5679b569767cee09b45ce5cd04b942d
- https://git.alpinelinux.org/aports/commit/?id=7704a01fec21129dc2f13feb032fb39d8b6a9cb2
- https://git.alpinelinux.org/aports/commit/?id=168f974f4f9941c940b1b4a27d1167175018ad92
- https://git.alpinelinux.org/aports/commit/?id=1a7ae75cb9ed94f62f9859f8a07a0bc1c5021604
- https://git.alpinelinux.org/aports/commit/?id=d9cf7666f5f3aa90dbce9f04bdc7d975284cc530