Fluid Attacks Database

Description

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	docker.io	>=0 <18.06.1+dfsg1-1	18.06.1+dfsg1-1
debian 13	docker.io	>=0 <18.06.1+dfsg1-1	18.06.1+dfsg1-1
debian 14	docker.io	>=0 <18.06.1+dfsg1-1	18.06.1+dfsg1-1
debian 12	docker.io	>=0 <18.06.1+dfsg1-1	18.06.1+dfsg1-1

Aliases

1. CVE-2018-108922. NVD-2018-108923. OSV-DEBIAN-2018-108924. OSV-2018-108925. SECURITY-TRACKER-CVE-2018-10892

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.