CVE-2018-10892 vulnerability in Docker and Other Products
Published on July 6, 2018
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2018-10892
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10892 are published in these products:
Affected Versions
[UNKNOWN] docker Version n/a is affected by CVE-2018-10892Exploit Probability
EPSS
0.11%
Percentile
29.96%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.