{"id":"UBUNTU-CVE-2023-7258","details":"A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6","modified":"2025-09-08T16:56:03Z","published":"2024-05-15T17:15:00Z","upstream":["CVE-2023-7258"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-7258"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-7258"},{"type":"REPORT","url":"https://github.com/google/gvisor/commit/6a112c60a257dadac59962e0bc9e9b5aee70b5b6"}],"affected":[{"package":{"name":"golang-gvisor-gvisor","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/golang-gvisor-gvisor@0.0~20230807.0-4ubuntu0.24.04.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~20230807.0-4build1","0.0~20230807.0-4ubuntu0.24.04.1","0.0~20230807.0-4ubuntu0.24.04.2","0.0~20230807.0-4ubuntu0.24.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0~20230807.0-4ubuntu0.24.04.3","binary_name":"golang-gvisor-gvisor-dev"},{"binary_version":"0.0~20230807.0-4ubuntu0.24.04.3","binary_name":"runsc"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-7258.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}