CVE-2017-18367

Name of the Vulnerable Software and Affected Versions libseccomp-golang versions 0.9.0 and earlier

Description The issue is related to the incorrect generation of BPFs by libseccomp-golang, where multiple arguments are ORed instead of ANDed. This allows a process to bypass intended access restrictions by specifying a single matching argument. The vulnerability is associated with an insufficient input validation mechanism, which can be exploited by a remote attacker to impact data integrity. Specifically, filters with rules containing multiple syscall arguments are improperly constructed, requiring all arguments to match instead of any of them, thus allowing bypass by specifying only a subset of the arguments.

Recommendations For libseccomp-golang versions 0.9.0 and earlier, consider restricting the use of seccomp filters with multiple syscall arguments until a patch is available. As a temporary workaround, avoid using filters that require multiple arguments to match, and instead, opt for filters that only require a single argument to match. At the moment, there is no information about a newer version that contains a fix for this vulnerability.