Vulnerability Description
TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tinylab | Cloud Lab | 0.8 |
| Tinylab | Linux Lab | 1.1 |
Related Weaknesses (CWE)
References
- https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirement (Exploit, Third Party Advisory)
- https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c37 (Patch)
- https://github.com/tinyclub/linux-lab/issues/14 (Issue Tracking)
- https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
- https://www.usenix.org/conference/usenixsecurity23/presentation/he (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-42150?
CVE-2022-42150 is a vulnerability with a CVSS score of 10.0 (CRITICAL). TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
How severe is CVE-2022-42150?
CVE-2022-42150 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-42150?
Check the references section above for vendor advisories and patch information. Affected products include: Tinylab Cloud Lab, Tinylab Linux Lab.