Race condition in gVisor - #VU15669
Published: November 1, 2018 / Updated: November 1, 2018
Vulnerability identifier: #VU15669
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
gVisor
gVisor
Detailed vulnerability description
The vulnerability allows an adjacent attacker to overwrite arbitrary files on the host system.
The weakness exists due to race condition when the VFS layer in the sandboxed helper process attempts to ensure consistency between its dentry cache, the hostPaths in the unsandboxed helper, and the host filesystem. An adjacent attacker can desynchronize the dentry cache of the sandboxed helper such that two dentries refer to the same backing file and overwrite files in the host filesystem from inside a Docker container that uses gVisor's runsc".
Remediation
Install update from vendor's website.