Vulnerability Details : CVE-2023-7258

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6
Published 2024-05-15 16:29:09
Updated 2024-05-15 18:35:11
Source Google Inc.
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2023-7258

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-7258

EPSS FAQ
0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-7258

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.8
 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
N/A
N/A
 Google Inc. 2024-05-15
4.8
 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
1.2
3.6
 Google Inc. 2024-05-15

CWE ids for CVE-2023-7258

  • The product does not properly control the allocation and maintenance of a limited resource.
    Assigned by:
    • 14ed7db2-1595-443d-9d34-6215bf890778 (Primary)
    • cve-coordination@google.com (Secondary)

References for CVE-2023-7258

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close