SB2020071102 - Untrusted Pointer Dereference in xen (Alpine package)
Published: July 11, 2020
Security Bulletin ID: SB2020071102
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Untrusted Pointer Dereference (CVE-ID: CVE-2020-15563)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inverted code paths in x86 dirty VRAM tracking in Xen. An attacker with access to an HVM guest operating system can crash the hypervisor.
Note: the vulnerability affects x86 systems only.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3992359a2b257143f6d354a15e0d3b338c5d8e45
- https://git.alpinelinux.org/aports/commit/?id=4eb93417705cbc9cb434bae5e88502bf944f7652
- https://git.alpinelinux.org/aports/commit/?id=054ec5f5456be1d95d13e7b5c5607e9c0ed5904d
- https://git.alpinelinux.org/aports/commit/?id=a95c3541d2bc3ba65df7c81a62b776d2fd0ed4ce
- https://git.alpinelinux.org/aports/commit/?id=fc28a340a4fd7b262e11f636ab2fafe24e2d05a2