PT-2025-31369 · Docker +3 · Docker Engine +5

Vvoland · Published 2025-07-29 · Updated 2025-07-31 · CVE-2025-54410

CVSS v3.1: 3.3
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Moby versions prior to 28.0.0

Moby version 25.0.13

Description:

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby, where reloading firewalld causes Docker to fail to re-create iptables rules that isolate bridge networks. This allows containers to access any port on any other container across different bridge networks on the same host, breaking network segmentation between containers. Containers in `--internal` networks remain protected.

Recommendations:

Update to Moby version 28.0.0 or later.

Apply the fix available in Moby release 25.0.13.

As a temporary workaround, restart the Docker daemon after reloading firewalld.

As a temporary workaround, re-create bridge networks after reloading firewalld.

As a temporary workaround, use rootless mode.
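To confirm whether a host is in the broken state after a firewalld reload (and that a workaround restored isolation), the following added example, which is not part of the advisory or of Moby's code, parses `iptables -S` output and reports bridges that lack inter-network isolation rules. The `DOCKER-ISOLATION-STAGE-1`/`-2` chain names and rule shapes are assumptions taken from Docker's usual iptables layout, not from this page; the bridge names and sample rules are constructed.

```python
import re
import sys

# Constructed `iptables -S` (filter table) output: br-aaaa1111 kept its
# isolation rules, br-bbbb2222 lost them. Bridge names are made up.
SAMPLE_RULES = """\
-P FORWARD DROP
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-ISOLATION-STAGE-1 -i br-aaaa1111 ! -o br-aaaa1111 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o br-aaaa1111 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
"""

# Assumed rule shapes (Docker's usual layout, not stated in the advisory).
STAGE1 = re.compile(
    r"^-A DOCKER-ISOLATION-STAGE-1 -i (\S+) ! -o (\S+) -j DOCKER-ISOLATION-STAGE-2$")
STAGE2 = re.compile(r"^-A DOCKER-ISOLATION-STAGE-2 -o (\S+) -j DROP$")
HOOK = re.compile(r"^-A FORWARD\b.*-j DOCKER-ISOLATION-STAGE-1$")


def isolated_bridges(rules_text):
    """Bridges with both isolation rules, provided FORWARD jumps to stage 1."""
    stage1, stage2, hooked = set(), set(), False
    for line in rules_text.splitlines():
        line = line.strip()
        if HOOK.match(line):
            hooked = True
        elif (m := STAGE1.match(line)) and m.group(1) == m.group(2):
            stage1.add(m.group(1))
        elif m := STAGE2.match(line):
            stage2.add(m.group(1))
    return (stage1 & stage2) if hooked else set()


def missing_isolation(rules_text, bridges):
    """Sorted list of the given bridge interfaces that are not isolated."""
    ok = isolated_bridges(rules_text)
    return sorted(b for b in bridges if b not in ok)


if __name__ == "__main__":
    # Live use: iptables -S | python3 <this file> docker0 br-<id> ...
    bridges = sys.argv[1:]
    rules = sys.stdin.read() if bridges else SAMPLE_RULES
    missing = missing_isolation(rules, bridges or ["br-aaaa1111", "br-bbbb2222"])
    print("\n".join(f"MISSING isolation rules: {b}" for b in missing) or "ok")
    sys.exit(1 if missing else 0)
```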

Related Identifiers

CVE-2025-54410
GHSA-4VQ8-7JFC-9CVP

Affected Products

Debian
Docker
Docker Engine
Mirantis Container Runtime
Moby
Red Os