Bug 1121768 (CVE-2018-20699) - VUL-0: CVE-2018-20699: docker: denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value
Status: RESOLVED FIXED
Alias: CVE-2018-20699
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/222714/
Whiteboard: CVSSv3:SUSE:CVE-2018-20699:5.5:(AV:L/...
Reported: 2019-01-14 08:07 UTC by Karol Babioch
Modified: 2024-05-07 09:26 UTC
Found By: Security Response Team

Description Karol Babioch 2019-01-14 08:07:06 UTC
CVE-2018-20699

Docker Engine before 18.09 allows attackers to cause a denial of service
(dockerd memory consumption) via a large integer in a --cpuset-mems or
--cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go,
and pkg/sysinfo/sysinfo.go.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20699
https://github.com/docker/engine/pull/70
https://github.com/moby/moby/pull/37967
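
The failure mode in the description, as an added Go example (not Docker's code and not part of the original report): a cpuset list parser that checks every number against an upper bound before expanding a range into a set, so its memory use is limited by the bound rather than by the input. `parseCPUSet` and `maxCPUSetIndex` are hypothetical names, and the bound of 8192 is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// maxCPUSetIndex is an assumed bound for this example; a daemon would derive
// it from the CPUs or memory nodes the host actually has.
const maxCPUSetIndex = 8192

// parseCPUSet parses a cpuset list such as "0-3,7" into a set of indices.
// Each number is checked against limit before a range is expanded, so the
// set can never hold more than limit+1 entries.
func parseCPUSet(val string, limit int) (map[int]bool, error) {
	set := map[int]bool{}
	if val == "" {
		return set, nil
	}
	for _, part := range strings.Split(val, ",") {
		bounds := strings.SplitN(part, "-", 2)
		lo, err := strconv.Atoi(bounds[0])
		hi := lo
		if err == nil && len(bounds) == 2 {
			hi, err = strconv.Atoi(bounds[1])
		}
		if err != nil || lo < 0 || hi < lo {
			return nil, fmt.Errorf("invalid cpuset value %q", val)
		}
		// Reject oversized values here, before the expansion loop runs.
		if hi > limit {
			return nil, fmt.Errorf("cpuset value %q exceeds maximum %d", val, limit)
		}
		for i := lo; i <= hi; i++ {
			set[i] = true
		}
	}
	return set, nil
}

func main() {
	// Constructed sample inputs: one valid, one oversized, one malformed.
	for _, v := range []string{"0-3,7", "0-4294967295", "2,x"} {
		set, err := parseCPUSet(v, maxCPUSetIndex)
		fmt.Printf("%-14q entries=%d err=%v\n", v, len(set), err)
	}
}
```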
Comment 1 Flavio Castelli 2019-01-30 10:21:16 UTC
Adding the container core folks to CC.
Comment 2 Aleksa Sarai 2019-02-07 06:25:35 UTC
It should be noted that upstream Docker has asked for the CVE to be disputed -- because ultimately the attack would require root-level access on the host anyway.
Comment 6 Aleksa Sarai 2019-12-12 13:05:27 UTC
This was fixed and backported in 18.09 a long time ago, and 19.03.x definitely has the fix. I will include it in the changelog.
Comment 7 Aleksa Sarai 2019-12-12 13:07:11 UTC
It should also be noted that this "vulnerability" is not really worthy of a CVE -- you need to be able to modify Docker's configuration to exploit it. If you already have the ability to do that, you could get remote root access by exposing the Docker management socket over TCP (and start a privileged container to access the host as root).
Comment 9 Wolfgang Frisch 2021-05-06 16:32:13 UTC
Released.
Comment 10 Thomas Leroy 2024-05-07 09:26:09 UTC
All done, closing.