medium

FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

Published Tue, Jun 28th, 2022
Platforms

Summary

A vulnerability in Service Fabric allows a Linux container to escalate to root on the node it runs on and, from there, compromise every node in the cluster. An attacker would need read/write access to the cluster, and the vulnerability can only be exploited from containers configured with runtime access, but that access is granted by default to every container. Although the bug exists in both the Windows and Linux versions, it is only exploitable on Linux.

Affected Services

Service Fabric

Remediation

Users can check their current Service Fabric version by navigating to their Service Fabric cluster in the Azure console and then clicking on "Fabric upgrades". If the Fabric upgrade mode is configured to "Automatic", the cluster will be updated automatically to the latest secure version. If Fabric upgrade mode is configured to "Manual", customers must update it manually to the latest version (9.0.1035.1 or higher).
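The check above, together with the detection threshold (Linux runtime below 9.0.1035.1), as an added example that is not part of this advisory: it takes the cluster code version and upgrade mode shown on the "Fabric upgrades" blade plus the node OS and maps each cluster to the remediation state described here. The inventory values are constructed, and the comparison is done component-wise because a plain string comparison would rank "9.0.999.0" above "9.0.1035.1".

```python
# Added example (not from the advisory): triage Service Fabric clusters for
# CVE-2022-30137 using the cluster code version and upgrade mode from the
# "Fabric upgrades" blade and the node OS. Sample values are constructed.
from typing import NamedTuple

FIXED_VERSION = "9.0.1035.1"  # first fixed runtime named in the advisory


def parse_version(version: str) -> tuple:
    """Split a dotted runtime version such as '9.0.1035.1' into integers."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Service Fabric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_runtime(version: str) -> bool:
    """The advisory's detection rule: runtime below 9.0.1035.1 (numeric, not lexical)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


class Cluster(NamedTuple):
    name: str
    node_os: str       # "Linux" or "Windows"
    code_version: str  # cluster code version as shown under "Fabric upgrades"
    upgrade_mode: str  # "Automatic" or "Manual"


def assess(c: Cluster) -> str:
    """Map one cluster to the remediation state the advisory describes."""
    if not is_vulnerable_runtime(c.code_version):
        return "fixed"
    if c.node_os.lower() != "linux":
        return "bug present but not exploitable on Windows"
    if c.upgrade_mode.lower() == "automatic":
        return "exploitable: automatic upgrade pending, confirm it completes"
    return f"exploitable: upgrade manually to {FIXED_VERSION} or later"


def triage(clusters) -> dict:
    """Return {cluster name: state} so exploitable clusters can be actioned first."""
    return {c.name: assess(c) for c in clusters}


# Constructed inventory for demonstration; real values come from the Azure portal.
SAMPLE_CLUSTERS = [
    Cluster("payments-linux", "Linux", "9.0.999.0", "Manual"),
    Cluster("batch-linux", "Linux", "9.0.1017.1", "Automatic"),
    Cluster("legacy-windows", "Windows", "8.2.1571.1", "Manual"),
    Cluster("frontend-linux", "Linux", "9.0.1035.1", "Manual"),
]

if __name__ == "__main__":
    for name, state in triage(SAMPLE_CLUSTERS).items():
        print(f"{name}: {state}")
```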

Tracked CVEs

CVE-2022-30137

References

Disclosure Date
Tue, Jun 14th, 2022
Exploitability Period
until 2022/05/24
Known ITW Exploitation
-
Detection Methods
Linux Service Fabric runtime < 9.0.1035.1
Piercing Index Rating
4.02
(PI:1.5/A3:1.05/A4:1.05/A5:1.05/A6:3/A7:1.1/A8:1.1)
Discovered by
Aviv Sasson, Palo Alto Networks