Vulnerability Details CVE-2023-7258
A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.7%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2023-7258
-
cpe:2.3:a:google:gvisor:-
-
cpe:2.3:a:google:gvisor:2018-08-22
-
cpe:2.3:a:google:gvisor:2018-08-23
-
cpe:2.3:a:google:gvisor:2018-11-01
-
cpe:2.3:a:google:gvisor:20190304.1
-
cpe:2.3:a:google:gvisor:20190529.1
-
cpe:2.3:a:google:gvisor:20190722.1
-
cpe:2.3:a:google:gvisor:20190806.1
-
cpe:2.3:a:google:gvisor:20191104.0
-
cpe:2.3:a:google:gvisor:20191114.0
-
cpe:2.3:a:google:gvisor:20191129.0
-
cpe:2.3:a:google:gvisor:20191210.0
-
cpe:2.3:a:google:gvisor:20191213.0
-
cpe:2.3:a:google:gvisor:20200115.0
-
cpe:2.3:a:google:gvisor:20200127.0
-
cpe:2.3:a:google:gvisor:20200211.0
-
cpe:2.3:a:google:gvisor:20200219.0
-
cpe:2.3:a:google:gvisor:20200323.0
-
cpe:2.3:a:google:gvisor:20200413.0
-
cpe:2.3:a:google:gvisor:20200422.0
-
cpe:2.3:a:google:gvisor:20200511.0
-
cpe:2.3:a:google:gvisor:20200518.0
-
cpe:2.3:a:google:gvisor:20200522.0
-
cpe:2.3:a:google:gvisor:20200601.0
-
cpe:2.3:a:google:gvisor:20200608.0
-
cpe:2.3:a:google:gvisor:20200622.1
-
cpe:2.3:a:google:gvisor:20200804.0
-
cpe:2.3:a:google:gvisor:20200810.0
-
cpe:2.3:a:google:gvisor:20200818.0
-
cpe:2.3:a:google:gvisor:20200907.0
-
cpe:2.3:a:google:gvisor:20200914.0
-
cpe:2.3:a:google:gvisor:20200921.0
-
cpe:2.3:a:google:gvisor:20200928.0
-
cpe:2.3:a:google:gvisor:20201005.0
-
cpe:2.3:a:google:gvisor:20201012.0
-
cpe:2.3:a:google:gvisor:20201019.0
-
cpe:2.3:a:google:gvisor:20201027.0
-
cpe:2.3:a:google:gvisor:20201030.0
-
cpe:2.3:a:google:gvisor:20201109.0
-
cpe:2.3:a:google:gvisor:20201117.0
-
cpe:2.3:a:google:gvisor:20201130.0
-
cpe:2.3:a:google:gvisor:20201208.0
-
cpe:2.3:a:google:gvisor:20201216.0
-
cpe:2.3:a:google:gvisor:20210112.0
-
cpe:2.3:a:google:gvisor:20210121.1
-
cpe:2.3:a:google:gvisor:20210125.0
-
cpe:2.3:a:google:gvisor:20210201.0
-
cpe:2.3:a:google:gvisor:20210208.0
-
cpe:2.3:a:google:gvisor:20210301.0
-
cpe:2.3:a:google:gvisor:20210309.0
-
cpe:2.3:a:google:gvisor:20210315.0
-
cpe:2.3:a:google:gvisor:20210322.0
-
cpe:2.3:a:google:gvisor:20210408.0
-
cpe:2.3:a:google:gvisor:20210412.0
-
cpe:2.3:a:google:gvisor:20210419.0
-
cpe:2.3:a:google:gvisor:20210503.0
-
cpe:2.3:a:google:gvisor:20210510.0
-
cpe:2.3:a:google:gvisor:20210518.0
-
cpe:2.3:a:google:gvisor:20210601.0
-
cpe:2.3:a:google:gvisor:20210607.0
-
cpe:2.3:a:google:gvisor:20210614.0
-
cpe:2.3:a:google:gvisor:20210622.0
-
cpe:2.3:a:google:gvisor:20210628.0
-
cpe:2.3:a:google:gvisor:20210705.0
-
cpe:2.3:a:google:gvisor:20210712.0
-
cpe:2.3:a:google:gvisor:20210720.0
-
cpe:2.3:a:google:gvisor:20210726.0
-
cpe:2.3:a:google:gvisor:20210806.0
-
cpe:2.3:a:google:gvisor:20210816.0
-
cpe:2.3:a:google:gvisor:20210823.0
-
cpe:2.3:a:google:gvisor:20210830.0
-
cpe:2.3:a:google:gvisor:20210906.0
-
cpe:2.3:a:google:gvisor:20210921.0
-
cpe:2.3:a:google:gvisor:20210927.0
-
cpe:2.3:a:google:gvisor:20211005.0
-
cpe:2.3:a:google:gvisor:20211011.0
-
cpe:2.3:a:google:gvisor:20211019.0
-
cpe:2.3:a:google:gvisor:20211026.0
-
cpe:2.3:a:google:gvisor:20211101.0
-
cpe:2.3:a:google:gvisor:20211108.0
-
cpe:2.3:a:google:gvisor:20211115.0
-
cpe:2.3:a:google:gvisor:20211122.0
-
cpe:2.3:a:google:gvisor:20211129.0
-
cpe:2.3:a:google:gvisor:20220103.0
-
cpe:2.3:a:google:gvisor:20220117.0
-
cpe:2.3:a:google:gvisor:20220124.0
-
cpe:2.3:a:google:gvisor:20220131.0
-
cpe:2.3:a:google:gvisor:20220208.0
-
cpe:2.3:a:google:gvisor:20220214.0
-
cpe:2.3:a:google:gvisor:20220221.0
-
cpe:2.3:a:google:gvisor:20220222.0
-
cpe:2.3:a:google:gvisor:20220228.0
-
cpe:2.3:a:google:gvisor:20220309.0
-
cpe:2.3:a:google:gvisor:20220314.0
-
cpe:2.3:a:google:gvisor:20220321.0
-
cpe:2.3:a:google:gvisor:20220328.0
-
cpe:2.3:a:google:gvisor:20220405.0
-
cpe:2.3:a:google:gvisor:20220411.0
-
cpe:2.3:a:google:gvisor:20220418.0
-
cpe:2.3:a:google:gvisor:20220425.0
-
cpe:2.3:a:google:gvisor:20220502.1
-
cpe:2.3:a:google:gvisor:20220510.0
-
cpe:2.3:a:google:gvisor:20220516.0
-
cpe:2.3:a:google:gvisor:20220606.0
-
cpe:2.3:a:google:gvisor:20220621.0
-
cpe:2.3:a:google:gvisor:20220627.0
-
cpe:2.3:a:google:gvisor:20220704.0
-
cpe:2.3:a:google:gvisor:20220713.0
-
cpe:2.3:a:google:gvisor:20220718.0
-
cpe:2.3:a:google:gvisor:20220801.0
-
cpe:2.3:a:google:gvisor:20220808.0
-
cpe:2.3:a:google:gvisor:20220815.0
-
cpe:2.3:a:google:gvisor:20220822.0
-
cpe:2.3:a:google:gvisor:20220905.0
-
cpe:2.3:a:google:gvisor:20220913.0
-
cpe:2.3:a:google:gvisor:20220919.0
-
cpe:2.3:a:google:gvisor:20220926.0
-
cpe:2.3:a:google:gvisor:20221003.0
-
cpe:2.3:a:google:gvisor:20221010.0
-
cpe:2.3:a:google:gvisor:20221017.0
-
cpe:2.3:a:google:gvisor:20221026.0
-
cpe:2.3:a:google:gvisor:20221102.1
-
cpe:2.3:a:google:gvisor:20221107.0
-
cpe:2.3:a:google:gvisor:20221122.0
-
cpe:2.3:a:google:gvisor:20221128.0
-
cpe:2.3:a:google:gvisor:20221205.0
-
cpe:2.3:a:google:gvisor:20221212.0
-
cpe:2.3:a:google:gvisor:20221219.0
-
cpe:2.3:a:google:gvisor:20230102.0
-
cpe:2.3:a:google:gvisor:20230109.0
-
cpe:2.3:a:google:gvisor:20230118.0
-
cpe:2.3:a:google:gvisor:20230123.0
-
cpe:2.3:a:google:gvisor:20230130.0
-
cpe:2.3:a:google:gvisor:20230214.0
-
cpe:2.3:a:google:gvisor:20230227.0
-
cpe:2.3:a:google:gvisor:20230306.0
-
cpe:2.3:a:google:gvisor:20230313.0
-
cpe:2.3:a:google:gvisor:20230320.0
-
cpe:2.3:a:google:gvisor:20230327.0
-
cpe:2.3:a:google:gvisor:20230417.0
-
cpe:2.3:a:google:gvisor:20230501.0
-
cpe:2.3:a:google:gvisor:20230508.0
-
cpe:2.3:a:google:gvisor:20230517.0
-
cpe:2.3:a:google:gvisor:20230522.0
-
cpe:2.3:a:google:gvisor:20230529.0
-
cpe:2.3:a:google:gvisor:20230605.0
-
cpe:2.3:a:google:gvisor:20230621.0
-
cpe:2.3:a:google:gvisor:20230627.0
-
cpe:2.3:a:google:gvisor:20230710.0
-
cpe:2.3:a:google:gvisor:20230717.0
-
cpe:2.3:a:google:gvisor:20230724.0
-
cpe:2.3:a:google:gvisor:20230731.0
-
cpe:2.3:a:google:gvisor:20230801.0
-
cpe:2.3:a:google:gvisor:20230807.0
-
cpe:2.3:a:google:gvisor:20230814.0
-
cpe:2.3:a:google:gvisor:20230823.0
-
cpe:2.3:a:google:gvisor:20230904.0
-
cpe:2.3:a:google:gvisor:20230911.0
-
cpe:2.3:a:google:gvisor:20230920.0
-
cpe:2.3:a:google:gvisor:20230925.0
-
cpe:2.3:a:google:gvisor:20231003.0
-
cpe:2.3:a:google:gvisor:20231009.0
-
cpe:2.3:a:google:gvisor:20231016.0
-
cpe:2.3:a:google:gvisor:20231023.0
-
cpe:2.3:a:google:gvisor:20231030.0
-
cpe:2.3:a:google:gvisor:20231106.0
-
cpe:2.3:a:google:gvisor:20231113.0
-
cpe:2.3:a:google:gvisor:20231120.0