What is CVE-2023-7258?

CVE-2023-7258 is a medium-severity vulnerability in Google Gvisor, classified under Uncontrolled Resource Consumption. CVSS score: 4.8/10. Published 2024-05-15.

How severe is CVE-2023-7258?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Resource exhaustion in Google Gvisor

CVE-2023-7258

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.002 (6.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H.

Affected products

Google Gvisor — versions 0b983ff832b175e406f4f9b1a3868457bb1ceb7b

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

cve-coordination@google.com (Patch)

Frequently asked questions

What is CVE-2023-7258?: CVE-2023-7258 is a medium-severity vulnerability in Google Gvisor, classified under Uncontrolled Resource Consumption. CVSS score: 4.8/10. Published 2024-05-15.
How severe is CVE-2023-7258?: Medium severity. CVSS v3 base score is 4.8 out of 10.