x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2017-16539 #2199
Labels
excluded: LEGACY_FALSE_POSITIVE
(DO NOT USE) Vulnerability marked as false positive before we introduced the triage process
CVE-2017-16539 references github.com/moby/moby, which may be a Go module.
Description:
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: