CVE-2018-10892

CWE-250 | 14 documents | 7 sources
Severity
5.3 MEDIUM
EPSS
0.1%
top 70.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 6
Latest update: May 13

Description

The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware state, for example enabling or disabling Bluetooth or turning keyboard brightness up or down.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (7 packages)

Debian | docker.io | < 18.06.1+dfsg1-1+3
NVD | docker/docker | 1.11 - 18.03.1
NVD | mobyproject/moby | 1.11 - 17.03.2
CVEListV5 | [unknown]/docker | n/a

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

3
GHSA
GHSA-hg92-xfw5-qgvm: The default OCI linux spec in oci/defaults{_linux} (2022-05-13)
OSV
CVE-2018-10892: The default OCI linux spec in oci/defaults{_linux} (2018-07-06)
CVEList
CVE-2018-10892: The default OCI linux spec in oci/defaults{_linux} (2018-07-06)

📋Vendor Advisories

2
Red Hat
docker: container breakout without selinux in enforcing mode (2018-07-05)
Debian
CVE-2018-10892: docker.io - The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 t... (2018)

💬Community

8
Bugzilla
CVE-2018-10892 podman: docker: container breakout without selinux in enforcing mode [fedora-all] (2018-07-09)
Bugzilla
CVE-2018-10892 cri-o: docker: container breakout without selinux in enforcing mode [fedora-all] (2018-07-09)
Bugzilla
CVE-2018-10892 podman: docker: container breakout without selinux in enforcing mode [fedora-all] (2018-07-09)
Bugzilla
CVE-2018-10892 cri-o: docker: container breakout without selinux in enforcing mode [fedora-all] (2018-07-09)
Bugzilla
CVE-2018-10892 docker: container breakout without selinux in enforcing mode (2018-07-05)