Severity
Critical
Vendor
The libseccomp Project
Affected Cloud Foundry Products and Versions
- cf-deployment
- All versions prior to v11.0.0
- Bosh Process Manager (BPM)
- All versions prior to v1.1.1
- Garden-runC
- All versions prior to v1.19.5
Description
cf-deployment has dependencies on Garden-runC and BPM. Garden-runC and BPM have a dependency on libseccomp.
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- cf-deployment
- Upgrade All versions to v11.0.0 or greater
- BPM
- Upgrade All versions to v1.1.1 or greater
- Garden-runC
- Upgrade All versions to v1.19.5 or greater
History
2019-08-12: Initial vulnerability report published.
