The DefaultLinuxSpec function in oci/defaults.go in Docker Moby up to and including 17.03.2-ce does not block /proc/scsi pathnames, which allows malicious users to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
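To audit a container for the gap described above, the Go check below (an added example, not Moby's code) parses an OCI runtime `config.json` and reports whether `/proc/scsi` is covered by `linux.maskedPaths` or `linux.readonlyPaths`. The names `ScsiProtection`, `covers` and `ociSpec`, and both sample configs, are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// ociSpec is the part of an OCI runtime config.json this check reads
// (encoding/json matches the camelCase keys case-insensitively).
type ociSpec struct {
	Linux struct{ MaskedPaths, ReadonlyPaths []string } `json:"linux"`
}

// Constructed sample configs (assumption: not taken from a real container).
const scsiDir = "/proc/scsi" // path named in the advisory
const sampleExposed = `{"linux":{"maskedPaths":["/proc/kcore","/proc/scsi_host"],"readonlyPaths":["/proc/sys"]}}`
const sampleMasked = `{"linux":{"maskedPaths":["/proc/kcore","/proc/scsi/"],"readonlyPaths":["/proc/sys"]}}`

// covers reports whether entry is target itself or a parent directory of it.
// A plain string-prefix test would wrongly accept "/proc/scsi_host".
func covers(entry, target string) bool {
	e := path.Clean(entry)
	return e == target || strings.HasPrefix(target, e+"/")
}

// ScsiProtection returns "masked", "readonly" or "exposed" for /proc/scsi.
func ScsiProtection(config []byte) (string, error) {
	var s ociSpec
	if err := json.Unmarshal(config, &s); err != nil {
		return "", fmt.Errorf("parse config.json: %w", err)
	}
	for _, p := range s.Linux.MaskedPaths {
		if covers(p, scsiDir) {
			return "masked", nil
		}
	}
	for _, p := range s.Linux.ReadonlyPaths {
		if covers(p, scsiDir) {
			return "readonly", nil
		}
	}
	return "exposed", nil
}

func main() {
	for _, c := range []string{sampleExposed, sampleMasked} {
		fmt.Println(ScsiProtection([]byte(c)))
	}
}
```

An entry that names only a file below `/proc/scsi` is reported as `exposed`, since it does not cover the whole directory.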
Vulnerable Product |
---|
mobyproject moby |