CVE-2022-26316

Name of the Vulnerable Software and Affected Versions Falco versions prior to 0.31.1

Description The issue is related to a Time-of-Check-to-Time-of-Use (TOCTOU) problem that could lead to rule bypass in Falco. This occurs because Falco extracts certain arguments by reading user-space buffers upon exit from a system call, while an attacker can modify these arguments in their own address space after the system call and before its completion. The problem is architectural in nature, as Falco's functionality relies on specific system calls.

Recommendations For versions prior to 0.31.1, consider disabling or restricting the use of the affected system call handling mechanism until a proper fix is available. However, given the architectural nature of the issue, a comprehensive resolution may require significant changes to how Falco interacts with system calls. At the moment, there is no information about a newer version that contains a fix for this vulnerability.