Support Content Notification - Support Portal

Container vulnerabilities in Brocade SANnav docker containers (CVE-2024-23653 & CVE-2024-21626)

Product/Component

Brocade SANnav

0 more products

Notification Id

25074

Last Updated

02 November 2024

Initial Publication Date

02 November 2024

Status

OPEN

Severity

MEDIUM

CVSS Base Score

Multiple

WorkAround

Affected CVE

Brocade Security Advisory ID	BSA-2024-2749
Component	Docker

Summary

Brocade Security is aware of multiple vulnerabilities affecting Brocade SANnav docker container (CVE-2024-23653 & CVE-2024-21626).

CVE-2024-23653: Interactive containers API does not validate entitlements check.
Description: Buildkit GRPC Security Mode privilege check: Build-time container breakout
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. The now-executing privileged container can use its elevated privileges (for example, full Linux capabilities) to escape from the container and achieve full host root command. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 .
BASE SCORE : 9.8 CRITICAL - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-863 Incorrect Authorization

CVE-2024-21626: Vulnerability in a core container infrastructure component, 'runc', allows a container breakout attack.
Description: 'runc' is a CLI tool for spawning and running containers on Linux according to the OCI specification.
An attacker could use these container escapes to gain unauthorized access to the host filesystem from within the container. A malicious image could use the same attack to allow a container process to access the host filesystem through runc run. Other variants of the attacks could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes. runc 1.1.12 includes patches for this issue.
Base Score: 8.6 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere
CWE-403 Exposure of File Descriptor to Unintended Control Sphere

Products Affected

Brocade SANnav versions before 2.3.1a
Brocade ASCG versions before 3.1.0

Products Confirmed Not Affected

Brocade Fabric OS is Not Affected [Vex Status Code: Component_not_present]

Solution

Security update provided in Brocade SANnav 2.3.1a
Security update provided in Brocade ASCG 3.1.0

Revision History

Version	Change	Date
1.0	Initial Publication	October 14, 2024

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.