Bug 2187409 (CVE-2023-29199)

Summary: CVE-2023-29199 vm2: Sandbox Escape
Product: [Other] Security Response Reporter: Borja Tarraso <btarraso>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: dkuc, fjansen, gparvin, hkataria, kshier, njean, owatkins, pahickey, stcannon, teagle
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: vm2 3.9.16 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is running the sandbox.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2187413    
Bug Blocks: 2187391    

Description Borja Tarraso 2023-04-17 15:09:54 UTC 
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.
Comment 3 errata-xmlrpc 2023-04-19 23:50:28 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.2 for RHEL 8

Via RHSA-2023:1887 https://access.redhat.com/errata/RHSA-2023:1887
Comment 4 errata-xmlrpc 2023-04-20 01:39:31 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:1888 https://access.redhat.com/errata/RHSA-2023:1888
Comment 5 errata-xmlrpc 2023-04-20 01:52:16 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.0 for RHEL 8

Via RHSA-2023:1893 https://access.redhat.com/errata/RHSA-2023:1893
Comment 6 errata-xmlrpc 2023-04-20 01:54:12 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2023:1894 https://access.redhat.com/errata/RHSA-2023:1894
Comment 7 errata-xmlrpc 2023-04-20 02:16:23 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:1897 https://access.redhat.com/errata/RHSA-2023:1897
Comment 8 errata-xmlrpc 2023-04-20 02:16:30 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8

Via RHSA-2023:1896 https://access.redhat.com/errata/RHSA-2023:1896