PT-2017-14440 · Docker+1 · Docker Moby+2

Published

2017-11-04

Updated

2026-01-27

CVE-2017-16539

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Docker Moby versions prior to 17.03.2-ce

Description The issue concerns the DefaultLinuxSpec function in oci/defaults.go, which does not properly block /proc/scsi pathnames. This oversight allows attackers to cause data loss, particularly when older Linux kernels are in use, by exploiting Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi.

Recommendations For Docker Moby versions prior to 17.03.2-ce, update to version 17.03.2-ce or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-16539

GHSA-VFJC-2QCW-J95J

MGASA-2018-0398

OPENSUSE-SU-2018_0406-1

OPENSUSE-SU-2024:10722-1

OPENSUSE-SU-2025:15589-1

SUSE-SU-2018:0386-1

SUSE-SU-2025:03540-1

SUSE-SU-2025:03545-1

Affected Products

Docker

Docker Moby

Suse

PT-2017-14440 · Docker+1 · Docker Moby+2

CVE-2017-16539

Weakness Enumeration

Related Identifiers

Affected Products

References · 276