CVE-2015-3631 — External Control of Critical State Data in Docker Docker

CWE-264 CWE-642 — External Control of Critical State Data CWE-285 — Improper Authorization12 documents8 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 65.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Docker Docker Docker

Timeline

PublishedMay 18

Latest updateAug 21

Description

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶Gogithub.com/docker_docker< 1.6.1

▶NVDdocker/docker1.6

🔴Vulnerability Details

OSV

Arbitrary File Override in Docker Engine in github.com/docker/docker↗2024-08-21

▶

OSV

Arbitrary File Override in Docker Engine↗2022-02-15

▶

GHSA

Arbitrary File Override in Docker Engine↗2022-02-15

▶

OSV

CVE-2015-3631: Docker Engine before 1↗2015-05-18

▶

CVEList

CVE-2015-3631: Docker Engine before 1↗2015-05-18

▶

📋Vendor Advisories

Microsoft

CVE-2015-3631: NIST NVD Details: https://nvd↗2021-07-13

▶

Red Hat

docker: volume mounts allow LSM profile escalation↗2015-05-07

▶

Debian

CVE-2015-3631: docker.io - Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Mo...↗2015

▶

💬Community

Bugzilla

CVE-2015-3631 docker-io: docker: volume mounts allow LSM profile escalation [fedora-all]↗2015-05-08

▶

Bugzilla

CVE-2015-3631 docker-io: docker: volume mounts allow LSM profile escalation [epel-6]↗2015-05-08

▶

Bugzilla

CVE-2015-3631 docker: volume mounts allow LSM profile escalation↗2015-05-06

▶