Detections
Analytics

Alpine: multiple xen packages: security update to 4.9.0-r3 (deprecated)

high Tenable Cloud Security Plugin ID 400820

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows
 callers to specify the first NUMA node that should be used for allocations through the `memflags`
 parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the
 special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >=
 MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. (CVE-2017-14316)

 - A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When
 shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon
 may crash, resulting in a DoS of any parts of the system relying on it (including domain creation /
 destruction, ballooning, device changes, etc.). (CVE-2017-14317)

 - An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles
 GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the
 page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping
 to the calling domain exists for the page in question. However, the function does not check to see if the
 owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and
 `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by
 these special domains, it will attempt to dereference a NULL pointer in the domain struct.
 (CVE-2017-14318)

 - A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping,
 the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done.
 Although the identity of the page frame was validated correctly, neither the presence of the mapping nor
 page writability were taken into account. (CVE-2017-14319)

See Also

https://git.alpinelinux.org/aports/commit/?id=23c1929fd57227a2ee38954597247b761e7980e5

https://git.alpinelinux.org/aports/commit/?id=c7dab9e89373104b9afb61c846b5ede3ee326eb3

Plugin Details

Severity: High

ID: 400820

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-14319

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/13/2017

Vulnerability Publication Date: 9/12/2017

Reference Information

CVE: CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319

BID: 100817, 100818, 100819, 100826

IAVA: 2017-A-0276-S

IAVB: 2017-B-0128-S