Alpine: xen: security update to 4.8.5-r0

high Tenable Self-Hosted Container Security Plugin ID 407899

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service
(host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data
structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for
CVE-2017-15595. (CVE-2018-19966)

- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
via a terminal page fault and a side-channel analysis. (CVE-2018-3620)

- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
with guest OS privilege via a terminal page fault and a side-channel analysis. (CVE-2018-3646)

- An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some
of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the
processor, and software has to be careful to configure it suitably not to lock up the core. As a result,
it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all
value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or
buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of
Service. (CVE-2018-15468)

- An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in
the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will
simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An
unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).
(CVE-2018-15469)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-15468

https://security.alpinelinux.org/vuln/CVE-2018-15469

https://security.alpinelinux.org/vuln/CVE-2018-15470

https://security.alpinelinux.org/vuln/CVE-2018-18883

https://security.alpinelinux.org/vuln/CVE-2018-19961

https://security.alpinelinux.org/vuln/CVE-2018-19962

https://security.alpinelinux.org/vuln/CVE-2018-19965

https://security.alpinelinux.org/vuln/CVE-2018-19966

https://security.alpinelinux.org/vuln/CVE-2018-19967

https://security.alpinelinux.org/vuln/CVE-2018-3620

https://security.alpinelinux.org/vuln/CVE-2018-3646

Plugin Details

Severity: High

ID: 407899

Version: Revision 1.29

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6

Percentile: 97.19

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-19966

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/10/2018

Reference Information

CVE: CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-19961, CVE-2018-19962, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967, CVE-2018-3620, CVE-2018-3646

BID: 105080, 105817, 105954, 106182

IAVA: 2018-A-0253-S, 2018-A-0353-S

IAVB: 2018-B-0111-S, 2018-B-0142-S, 2018-B-0149-S