Cloud Foundry Logo

CVE-2019-9893: Dependency on vulnerable version of libseccomp


Share

Severity

Critical

Vendor

The libseccomp Project

Affected Cloud Foundry Products and Versions

  • cf-deployment
    • All versions prior to v11.0.0
  • Bosh Process Manager (BPM)
    • All versions prior to v1.1.1
  • Garden-runC
    • All versions prior to v1.19.5

Description

cf-deployment has dependencies on Garden-runC and BPM.  Garden-runC and BPM have a dependency on libseccomp.

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cf-deployment
    • Upgrade All versions to v11.0.0 or greater
  • BPM
    • Upgrade All versions to v1.1.1 or greater
  • Garden-runC
    • Upgrade All versions to v1.19.5 or greater

History

2019-08-12: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES