Bug 2187409 (CVE-2023-29199)
Summary: | CVE-2023-29199 vm2: Sandbox Escape | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Borja Tarraso <btarraso> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | dkuc, fjansen, gparvin, hkataria, kshier, njean, owatkins, pahickey, stcannon, teagle |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | vm2 3.9.16 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is running the sandbox.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2187413 | ||
Bug Blocks: | 2187391 |
Description
Borja Tarraso
2023-04-17 15:09:54 UTC
This issue has been addressed in the following products: multicluster engine for Kubernetes 2.2 for RHEL 8 Via RHSA-2023:1887 https://access.redhat.com/errata/RHSA-2023:1887 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 Via RHSA-2023:1888 https://access.redhat.com/errata/RHSA-2023:1888 This issue has been addressed in the following products: multicluster engine for Kubernetes 2.0 for RHEL 8 Via RHSA-2023:1893 https://access.redhat.com/errata/RHSA-2023:1893 This issue has been addressed in the following products: multicluster engine for Kubernetes 2.1 for RHEL 8 Via RHSA-2023:1894 https://access.redhat.com/errata/RHSA-2023:1894 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2023:1897 https://access.redhat.com/errata/RHSA-2023:1897 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2023:1896 https://access.redhat.com/errata/RHSA-2023:1896 |