Vulnerability Details : CVE-2022-42150
Potential exploit
TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
Products affected by CVE-2022-42150
- cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*
- cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42150
- EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
- Percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-42150
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
CWE ids for CVE-2022-42150
- During installation, installed file permissions are set to allow anyone to modify those files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42150
- https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo
  Universal Container Escape with eBPF - HackMD (Exploit; Third Party Advisory)
- https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
  eBPF-Attack/PoC.md at main · eBPF-Research/eBPF-Attack · GitHub (Exploit; Third Party Advisory)
- https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
  cloud-lab/configs/common/seccomp-profiles-default.json at d19ff92713685a7fb84b423dea6a184b25c378c9 · tinyclub/cloud-lab · GitHub (Patch)
- https://www.usenix.org/conference/usenixsecurity23/presentation/he
  Cross Container Attacks: The Bewildered eBPF on Clouds | USENIX (Exploit; Third Party Advisory)
- https://github.com/tinyclub/linux-lab/issues/14
  Default Configure Could Cause Container Escape Risk · Issue #14 · tinyclub/linux-lab · GitHub (Issue Tracking)