CVE-2023-7258

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-7258
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7258.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-7258
Downstream
Published
2024-05-15T17:15:09.987Z
Modified
2026-04-12T10:19:43.487048Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6

References

Affected packages

Git / github.com/google/gvisor

Affected ranges

Type
GIT
Repo
https://github.com/google/gvisor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
126ee58746d10ae5064e51dec96cf580b8116875
Fixed
6a112c60a257dadac59962e0bc9e9b5aee70b5b6
Database specific 
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20231204.0"
        }
    ],
    "cpe": "cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*"
}

Affected versions

release-20190304.*
release-20190304.1
release-20190529.*
release-20190529.1
release-20190722.*
release-20190722.1
release-20190806.*
release-20190806.1
release-20191104.*
release-20191104.0
release-20191114.*
release-20191114.0
release-20191129.*
release-20191129.0
release-20191210.*
release-20191210.0
release-20191213.*
release-20191213.0
release-20200115.*
release-20200115.0
release-20200127.*
release-20200127.0
release-20200211.*
release-20200211.0
release-20200219.*
release-20200219.0
release-20200323.*
release-20200323.0
release-20200413.*
release-20200413.0
release-20200422.*
release-20200422.0
release-20200511.*
release-20200511.0
release-20200518.*
release-20200518.0
release-20200522.*
release-20200522.0
release-20200601.*
release-20200601.0
release-20200608.*
release-20200608.0
release-20200622.*
release-20200622.1
release-20200804.*
release-20200804.0
release-20200810.*
release-20200810.0
release-20200818.*
release-20200818.0
release-20200907.*
release-20200907.0
release-20200914.*
release-20200914.0
release-20200921.*
release-20200921.0
release-20200928.*
release-20200928.0
release-20201005.*
release-20201005.0
release-20201012.*
release-20201012.0
release-20201019.*
release-20201019.0
release-20201027.*
release-20201027.0
release-20201030.*
release-20201030.0
release-20201109.*
release-20201109.0
release-20201117.*
release-20201117.0
release-20201130.*
release-20201130.0
release-20201208.*
release-20201208.0
release-20201216.*
release-20201216.0
release-20210112.*
release-20210112.0
release-20210121.*
release-20210121.1
release-20210125.*
release-20210125.0
release-20210201.*
release-20210201.0
release-20210208.*
release-20210208.0
release-20210301.*
release-20210301.0
release-20210309.*
release-20210309.0
release-20210315.*
release-20210315.0
release-20210322.*
release-20210322.0
release-20210408.*
release-20210408.0
release-20210412.*
release-20210412.0
release-20210419.*
release-20210419.0
release-20210503.*
release-20210503.0
release-20210510.*
release-20210510.0
release-20210518.*
release-20210518.0
release-20210601.*
release-20210601.0
release-20210607.*
release-20210607.0
release-20210614.*
release-20210614.0
release-20210622.*
release-20210622.0
release-20210628.*
release-20210628.0
release-20210705.*
release-20210705.0
release-20210712.*
release-20210712.0
release-20210720.*
release-20210720.0
release-20210726.*
release-20210726.0
release-20210806.*
release-20210806.0
release-20210816.*
release-20210816.0
release-20210823.*
release-20210823.0
release-20210830.*
release-20210830.0
release-20210906.*
release-20210906.0
release-20210921.*
release-20210921.0
release-20210927.*
release-20210927.0
release-20211005.*
release-20211005.0
release-20211011.*
release-20211011.0
release-20211019.*
release-20211019.0
release-20211026.*
release-20211026.0
release-20211101.*
release-20211101.0
release-20211108.*
release-20211108.0
release-20211115.*
release-20211115.0
release-20211122.*
release-20211122.0
release-20211129.*
release-20211129.0
release-20220103.*
release-20220103.0
release-20220117.*
release-20220117.0
release-20220124.*
release-20220124.0
release-20220131.*
release-20220131.0
release-20220208.*
release-20220208.0
release-20220214.*
release-20220214.0
release-20220221.*
release-20220221.0
release-20220222.*
release-20220222.0
release-20220228.*
release-20220228.0
release-20220309.*
release-20220309.0
release-20220314.*
release-20220314.0
release-20220321.*
release-20220321.0
release-20220328.*
release-20220328.0
release-20220405.*
release-20220405.0
release-20220411.*
release-20220411.0
release-20220418.*
release-20220418.0
release-20220425.*
release-20220425.0
release-20220502.*
release-20220502.1
release-20220510.*
release-20220510.0
release-20220516.*
release-20220516.0
release-20220606.*
release-20220606.0
release-20220621.*
release-20220621.0
release-20220627.*
release-20220627.0
release-20220704.*
release-20220704.0
release-20220713.*
release-20220713.0
release-20220718.*
release-20220718.0
release-20220801.*
release-20220801.0
release-20220808.*
release-20220808.0
release-20220815.*
release-20220815.0
release-20220822.*
release-20220822.0
release-20220905.*
release-20220905.0
release-20220913.*
release-20220913.0
release-20220919.*
release-20220919.0
release-20220926.*
release-20220926.0
release-20221003.*
release-20221003.0
release-20221010.*
release-20221010.0
release-20221017.*
release-20221017.0
release-20221026.*
release-20221026.0
release-20221102.*
release-20221102.1
release-20221107.*
release-20221107.0
release-20221122.*
release-20221122.0
release-20221128.*
release-20221128.0
release-20221205.*
release-20221205.0
release-20221212.*
release-20221212.0
release-20221219.*
release-20221219.0
release-20230102.*
release-20230102.0
release-20230109.*
release-20230109.0
release-20230118.*
release-20230118.0
release-20230123.*
release-20230123.0
release-20230130.*
release-20230130.0
release-20230214.*
release-20230214.0
release-20230227.*
release-20230227.0
release-20230306.*
release-20230306.0
release-20230313.*
release-20230313.0
release-20230320.*
release-20230320.0
release-20230327.*
release-20230327.0
release-20230417.*
release-20230417.0
release-20230501.*
release-20230501.0
release-20230508.*
release-20230508.0
release-20230517.*
release-20230517.0
release-20230522.*
release-20230522.0
release-20230529.*
release-20230529.0
release-20230605.*
release-20230605.0
release-20230621.*
release-20230621.0
release-20230627.*
release-20230627.0
release-20230710.*
release-20230710.0
release-20230717.*
release-20230717.0
release-20230724.*
release-20230724.0
release-20230731.*
release-20230731.0
release-20230801.*
release-20230801.0
release-20230807.*
release-20230807.0
release-20230814.*
release-20230814.0
release-20230823.*
release-20230823.0
release-20230904.*
release-20230904.0
release-20230911.*
release-20230911.0
release-20230920.*
release-20230920.0
release-20230925.*
release-20230925.0
release-20231003.*
release-20231003.0
release-20231009.*
release-20231009.0
release-20231016.*
release-20231016.0
release-20231023.*
release-20231023.0
release-20231030.*
release-20231030.0
release-20231106.*
release-20231106.0
release-20231113.*
release-20231113.0
release-20231120.*
release-20231120.0

Database specific

vanir_signatures 
[
    {
        "target": {
            "file": "test/syscalls/linux/mount.cc"
        },
        "source": "https://github.com/google/gvisor/commit/6a112c60a257dadac59962e0bc9e9b5aee70b5b6",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "269802285469074608123542573705608135095",
                "15643295923371110299552405570464642109",
                "30707538532061579888770222677221965848",
                "140833348707707780581757800415215888964",
                "311327337334935848450225604739890492340",
                "228271758042552947232133433063952989862",
                "168102985027651801616458849826001019691",
                "95541713137360941677230737423589630070",
                "328970649726918352133359352452513874559",
                "108587633537507210242609878158511307392"
            ]
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2023-7258-8c75cc02"
    }
]
vanir_signatures_modified 
"2026-04-12T10:19:43Z"
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7258.json"