ALPINE-CVE-2018-5244

ALPINE-CVE-2018-5244 PUBLISHED CVSS 6.5 MEDIUM

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.16	xen	4.9.1-r3, 4.0.1-r0, 4.0.1-r1
Alpine:v3.22	xen	0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.20	xen	4.3.0-r0, 0, 4.0.1-r0
Alpine:v3.21	xen	4.9.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.18	xen	4.3.2-r4, 4.4.1-r1, 4.0.1-r0
Alpine:v3.19	xen	4.9.1-r2, 0, 4.0.1-r0
Alpine:v3.17	xen	4.0.1-r0, 4.0.1-r1, 4.0.1-r3
Alpine:v3.23	xen	4.9.1-r3, 0, 4.0.1-r0
Alpine:v3.15	xen	4.9.1-r3, 0, 4.0.1-r0

Timeline

Jan 5, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-5244 advisory

Open in Interactive Console →