Race condition in Google gVisor
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-362 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
gVisor Client/Desktop applications / Other client software |
| Vendor |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Race condition
EUVDB-ID: #VU15669
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: N/A
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to overwrite arbitrary files on the host system.
The weakness exists due to race condition when the VFS layer in the sandboxed helper process attempts to ensure consistency between its dentry cache, the hostPaths in the unsandboxed helper, and the host filesystem. An adjacent attacker can desynchronize the dentry cache of the sandboxed helper such that two dentries refer to the same backing file and overwrite files in the host filesystem from inside a Docker container that uses gVisor's runsc".
Install update from vendor's website.
Vulnerable software versionsgVisor: All versions
External linkshttp://bugs.chromium.org/p/project-zero/issues/detail?id=1631
http://github.com/google/gvisor/commit/75cd70ecc9abfd5daaefea04da5070a0e0d620dd
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
