CVE-2022-42150

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*

History

21 Nov 2024, 07:24

Type Values Removed Values Added
References () https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements - Exploit, Third Party Advisory () https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements - Exploit, Third Party Advisory
References () https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json - Patch () https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json - Patch
References () https://github.com/tinyclub/linux-lab/issues/14 - Issue Tracking () https://github.com/tinyclub/linux-lab/issues/14 - Issue Tracking
References () https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo - () https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo -
References () https://www.usenix.org/conference/usenixsecurity23/presentation/he - Exploit, Third Party Advisory () https://www.usenix.org/conference/usenixsecurity23/presentation/he - Exploit, Third Party Advisory

Information

Published : 2023-10-19 20:15

Updated : 2024-11-21 07:24


NVD link : CVE-2022-42150

Mitre link : CVE-2022-42150

CVE.ORG link : CVE-2022-42150


JSON object : View

Products Affected

tinylab

  • linux_lab
  • cloud_lab
CWE
CWE-276

Incorrect Default Permissions