CVE-2018-19333

Name of the Vulnerable Software and Affected Versions Google gVisor versions prior to 2018-11-01

Description The issue allows attackers to overwrite memory locations in processes running as root, but does not allow escape from the sandbox. This is achieved via vectors involving IPC RMID shmctl calls, due to mishandled reference counting.

Recommendations For Google gVisor versions prior to 2018-11-01, update to a version released after 2018-11-01 to resolve the issue. As a temporary workaround, consider restricting access to the shmctl calls to minimize the risk of exploitation.