Vulnerability Details : CVE-2017-16539
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
Vulnerability category: Information leak
Products affected by CVE-2017-16539
- cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16539
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile: the proportion of vulnerabilities scored at or below this EPSS score
CVSS scores for CVE-2017-16539
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST |
CWE ids for CVE-2017-16539
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-16539
- https://github.com/moby/moby/pull/35399
  Add /proc/scsi to masked paths by justincormack · Pull Request #35399 · moby/moby · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://marc.info/?l=linux-scsi&m=150985062200941&w=2
  '[PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface' - MARC (Issue Tracking; Patch; Third Party Advisory)
- https://marc.info/?l=linux-scsi&m=150985455801444&w=2
  'Re: [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface' - MARC (Issue Tracking; Patch; Third Party Advisory)
- https://twitter.com/ewindisch/status/926443521820774401
  Erica Windisch on Twitter: "The hashtag is #scsimicdrop and the logo is https://t.co/uMWvpqmn51… " (Third Party Advisory)
- https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
  Add /proc/scsi to masked paths by justincormack · Pull Request #35399 · moby/moby · GitHub (Issue Tracking; Third Party Advisory; Patch)