PT-2017-14440 · Docker+1 · Docker Moby+2

Publicado

2017-11-04

Atualizado

2026-01-27

CVE-2017-16539

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Docker Moby versions prior to 17.03.2-ce

Description The issue concerns the DefaultLinuxSpec function in oci/defaults.go, which does not properly block /proc/scsi pathnames. This oversight allows attackers to cause data loss, particularly when older Linux kernels are in use, by exploiting Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi.

Recommendations For Docker Moby versions prior to 17.03.2-ce, update to version 17.03.2-ce or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-16539

GHSA-VFJC-2QCW-J95J

MGASA-2018-0398

OPENSUSE-SU-2018_0406-1

OPENSUSE-SU-2024:10722-1

OPENSUSE-SU-2025:15589-1

SUSE-SU-2018:0386-1

SUSE-SU-2025:03540-1

SUSE-SU-2025:03545-1

Produtos afetados

Docker

Docker Moby

Suse

PT-2017-14440 · Docker+1 · Docker Moby+2

CVE-2017-16539

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 276