The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify hosts hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
Weakness
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Docker | Docker | 1.11 (including) | 18.03.1 (including) |
| Moby | Mobyproject | 1.11 (including) | 17.03.2 (including) |
| Red Hat Enterprise Linux 7 Extras | RedHat | podman-0:0.9.2-5.git37a2afe.el7_5 | * |
| Red Hat Enterprise Linux 7 Extras | RedHat | docker-2:1.13.1-74.git6e3bb8e.el7 | * |
| Docker.io | Ubuntu | artful | * |
| Docker.io | Ubuntu | bionic | * |
| Docker.io | Ubuntu | cosmic | * |
| Docker.io | Ubuntu | devel | * |
| Docker.io | Ubuntu | esm-apps/bionic | * |
| Docker.io | Ubuntu | esm-infra/xenial | * |
| Docker.io | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/104.html
- https://cwe.mitre.org/data/definitions/470.html
- https://cwe.mitre.org/data/definitions/69.html
References
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://access.redhat.com/errata/RHBA-2018:2796
- https://access.redhat.com/errata/RHSA-2018:2482
- https://access.redhat.com/errata/RHSA-2018:2729
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
- https://github.com/moby/moby/pull/37404
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://access.redhat.com/errata/RHBA-2018:2796
- https://access.redhat.com/errata/RHSA-2018:2482
- https://access.redhat.com/errata/RHSA-2018:2729
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
- https://github.com/moby/moby/pull/37404