Update unprivileged_userns_restriction

John Johansen 2024-06-02 09:15:42 +00:00
parent fd58196b9e
commit 1f6cfc57b3

@ -6,6 +6,7 @@ However while unprivileged user namespaces have been beneficial by reducing the
This has lead to many real world CVEs. Examples (to pick a few):
* [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086): to exploit, needs to be able to add netfilter rules
* [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185): to exploit, need to be able to mount a filesystem, granted by `CAP_SYS_ADMIN` in a user namespace.
* [CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015): to exploit, need to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace.
* [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078): to exploit, need to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace.
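Review bot: The CVE-2024-1086 entry at the top of the list does not say which capability grants the ability to add netfilter rules, while the CVE-2022-1015 and CVE-2022-2078 entries state the same precondition and end with "granted by `CAP_NET_ADMIN` in a new user and network namespace." If the same path applies here, add that clause so the entry ties back to unprivileged user namespaces, which is what the list is meant to illustrate. The wording also differs ("needs" here, "need" in the other three entries), so pick one form. Separately, the context line "This has lead to many real world CVEs" should read "has led" and could be fixed in the same change.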