CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19333

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca
https://justi.cz/security/2018/11/14/gvisor-lpe.html
https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca
https://justi.cz/security/2018/11/14/gvisor-lpe.html

Products affected by CVE-2018-19333

Google » Gvisor » Version: N/A

cpe:2.3:a:google:gvisor:-
Google » Gvisor » Version: 2018-08-22

cpe:2.3:a:google:gvisor:2018-08-22
Google » Gvisor » Version: 2018-08-23

cpe:2.3:a:google:gvisor:2018-08-23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19333

Products

Pricing

Contact Us