The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-04T17:00:00

Updated: 2024-08-05T20:27:03.794Z

Reserved: 2017-11-04T00:00:00

Link: CVE-2017-16539

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-11-04T17:29:00.207

Modified: 2017-11-27T15:55:07.733

Link: CVE-2017-16539

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-11-03T00:00:00Z

Links: CVE-2017-16539 - Bugzilla