20180823

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

google

critical

NVD

Published: 2018-11-17

Updated: 2020-08-24

Summary

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Gvisor - Google Gvisor 2018-08-22 Google Gvisor 2018-08-23	3

References

https://justi.cz/security/2018/11/14/gvisor-lpe.html
https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca