File Manipulation Vulnerability in Google gVisor
CVE-2018-16359

6.8MEDIUM

Key Information:

Vendor: Google
Status: Gvisor
Vendor: CVE Published:; 2 September 2018

Summary

A file manipulation vulnerability exists in Google gVisor prior to August 23, 2018, where the seccomp sandbox does not adequately restrict access to the renameat system call. This flaw allows an attacker to rename files on the host operating system, posing a significant risk to system integrity and potentially leading to unauthorized file access or alteration. It is crucial for users to apply updates to gVisor to mitigate this security issue.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...

x_refsource_MISC

https://github.com/google/gvisor/commit/001a4c2493b13a43d...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 2, 2018
Vulnerability Reserved
Sep 2, 2018