1
Candidate: CVE-2017-16539
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539
5
https://twitter.com/ewindisch/status/926443521820774401
7
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through
8
17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to
9
trigger data loss (when certain older Linux kernels are used) by leveraging
10
Docker container access to write a "scsi remove-single-device" line to
11
/proc/scsi/scsi, aka SCSI MICDROP.
21
upstream: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
22
upstream_docker.io: needed
23
precise/esm_docker.io: DNE
24
trusty_docker.io: needs-triage
25
xenial_docker.io: needs-triage
26
zesty_docker.io: ignored (reached end-of-life)
27
artful_docker.io: needs-triage
28
bionic_docker.io: needs-triage
29
devel_docker.io: needs-triage