The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows a malicious user to modify the host's hardware, such as enabling or disabling Bluetooth or turning keyboard brightness up or down.
Vulnerable Product |
---|
docker docker |
mobyproject moby |
redhat enterprise linux 7.0 |
redhat enterprise linux server 7.0 |
redhat openstack 12 |
opensuse leap 15.0 |
opensuse leap 15.1 |
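One way to audit a container for the gap described above is to read its OCI runtime `config.json` and check whether /proc/acpi is blocked. This is an added example, not code from Docker/Moby: it assumes the OCI runtime spec layout (`linux.maskedPaths`, `linux.readonlyPaths`), and the helper names and sample specs are constructed for illustration.

```go
package main
import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// ociSpec holds the only OCI config.json fields this check reads (illustrative type).
type ociSpec struct {
	Linux struct {
		MaskedPaths   []string `json:"maskedPaths"`
		ReadonlyPaths []string `json:"readonlyPaths"`
	} `json:"linux"`
}

// coveredBy reports whether any rule is target itself or a parent directory of it.
func coveredBy(rules []string, target string) bool {
	for _, r := range rules {
		r = path.Clean(r)
		if r == target || strings.HasPrefix(target, r+"/") {
			return true
		}
	}
	return false
}

// procACPIStatus returns "masked", "readonly" (listed read-only, not hidden) or "exposed".
func procACPIStatus(configJSON []byte) (string, error) {
	var spec ociSpec
	if err := json.Unmarshal(configJSON, &spec); err != nil {
		return "", fmt.Errorf("parse config.json: %w", err)
	}
	switch {
	case coveredBy(spec.Linux.MaskedPaths, "/proc/acpi"):
		return "masked", nil
	case coveredBy(spec.Linux.ReadonlyPaths, "/proc/acpi"):
		return "readonly", nil
	}
	return "exposed", nil
}

const sampleWithoutACPI = `{"linux":{"maskedPaths":["/proc/kcore"],"readonlyPaths":["/proc/sys"]}}` // constructed
const sampleWithACPI = `{"linux":{"maskedPaths":["/proc/acpi","/proc/kcore"]}}`                    // constructed

func main() {
	fmt.Println(procACPIStatus([]byte(sampleWithoutACPI)))
	fmt.Println(procACPIStatus([]byte(sampleWithACPI)))
}
```

A result of "exposed" means the spec leaves /proc/acpi reachable from inside the container, which is the condition this entry describes.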