CVE-2018-10892
docker: container breakout without selinux in enforcing mode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
La especificación OCI por defecto de Linux en oci/defaults{_linux}.go en Docker y Moby desde la versión 1.11 hasta la más actual no bloquea los nombres de ruta /proc/acpi. El error permite que un atacante modifique el hardware del host, como habilitar/deshabilitar el bluetooth o subir/bajar el brillo del teclado.
The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-07-06 CVE Published
- 2023-11-27 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892 | Issue Tracking | |
| https://github.com/moby/moby/pull/37404 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html | 2023-02-12 | |
| https://access.redhat.com/errata/RHBA-2018:2796 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:2482 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:2729 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2018-10892 | 2018-08-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1598581 | 2018-08-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | >= 1.11 <= 18.03.1 Search vendor "Docker" for product "Docker" and version " >= 1.11 <= 18.03.1" | community_edition |
Affected
| ||||||
| Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | >= 1.11 <= 18.03.1 Search vendor "Docker" for product "Docker" and version " >= 1.11 <= 18.03.1" | enterprise_edition |
Affected
| ||||||
| Mobyproject Search vendor "Mobyproject" | Moby Search vendor "Mobyproject" for product "Moby" | >= 1.11 <= 17.03.2 Search vendor "Mobyproject" for product "Moby" and version " >= 1.11 <= 17.03.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 12 Search vendor "Redhat" for product "Openstack" and version "12" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||