Bug 2187409 (CVE-2023-29199) - CVE-2023-29199 vm2: Sandbox Escape
Summary: CVE-2023-29199 vm2: Sandbox Escape
Keywords:
Status: NEW
Alias: CVE-2023-29199
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2187413
Blocks: 2187391
 
Reported: 2023-04-17 15:09 UTC by Borja Tarraso
Modified: 2023-07-07 08:30 UTC (History)

Fixed In Version: vm2 3.9.16
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections, which can lead to remote code execution on the hypervisor host or the host that is running the sandbox.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:1887 0 None None None 2023-04-19 23:50:30 UTC
Red Hat Product Errata RHSA-2023:1888 0 None None None 2023-04-20 01:39:32 UTC
Red Hat Product Errata RHSA-2023:1893 0 None None None 2023-04-20 01:52:18 UTC
Red Hat Product Errata RHSA-2023:1894 0 None None None 2023-04-20 01:54:14 UTC
Red Hat Product Errata RHSA-2023:1896 0 None None None 2023-04-20 02:16:31 UTC
Red Hat Product Errata RHSA-2023:1897 0 None None None 2023-04-20 02:16:24 UTC

Description Borja Tarraso 2023-04-17 15:09:54 UTC
There exists a vulnerability in the source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions, which can be used to escape the sandbox and run arbitrary code in host context.

Comment 3 errata-xmlrpc 2023-04-19 23:50:28 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.2 for RHEL 8

Via RHSA-2023:1887 https://access.redhat.com/errata/RHSA-2023:1887

Comment 4 errata-xmlrpc 2023-04-20 01:39:31 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:1888 https://access.redhat.com/errata/RHSA-2023:1888

Comment 5 errata-xmlrpc 2023-04-20 01:52:16 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.0 for RHEL 8

Via RHSA-2023:1893 https://access.redhat.com/errata/RHSA-2023:1893

Comment 6 errata-xmlrpc 2023-04-20 01:54:12 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2023:1894 https://access.redhat.com/errata/RHSA-2023:1894

Comment 7 errata-xmlrpc 2023-04-20 02:16:23 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:1897 https://access.redhat.com/errata/RHSA-2023:1897

Comment 8 errata-xmlrpc 2023-04-20 02:16:30 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8

Via RHSA-2023:1896 https://access.redhat.com/errata/RHSA-2023:1896

