A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system.
Find out more about CVE-2014-9357 from the MITRE CVE dictionary and NIST NVD.
This issue affects the versions of Docker as shipped with Red Hat Enterprise Linux 7. However, this flaw is not known to be exploitable under any supported scenario. A future update may address this issue.
Red Hat does not support or recommend running untrusted images.
Base Score | 4.6 |
---|---|
Base Metrics | AV:A/AC:H/Au:N/C:N/I:C/A:N |
Access Vector | Adjacent Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Complete |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 Extras (docker) | RHSA-2015:0623 | 2015-03-05 |