CVE-2023-7258

Name: CVE-2023-7258
Description: A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| golang-gvisor-gvisor (PTS) | bookworm | 0.0~20221219.0-2 | vulnerable |
| | trixie | 0.0~20230807.0-4 | vulnerable |
| | sid | 0.0~20230807.0-5 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| golang-gvisor-gvisor | source | (unstable) | (unfixed) | | | |

Notes

[bookworm] - golang-gvisor-gvisor <no-dsa> (Minor issue)
https://github.com/google/gvisor/commit/6a112c60a257dadac59962e0bc9e9b5aee70b5b6
