Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
Exploitability
AV:LAC:LAT:PPR:LUI:AVulnerable System
VC:HVI:HVA:HSubsequent System
SC:HSI:HSA:H7.3/CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H