Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

Medium: amazon-efs-utils

Issue Overview: efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to...

SUSE SLES12 Security Update : aws-efs-utils.11048 (SUSE-SU-2023:1761-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1761-1 advisory. - efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazon EFS mount...

SUSE SLES15 / openSUSE 15 Security Update : aws-efs-utils (SUSE-SU-2023:0423-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0423-1 advisory. - efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazo...

CVE-2022-46174

CVE-2022-46174 affects the Amazon EFS utilities (efs-utils) with a race condition in the EFS mount helper when TLS is used. In v1.34.3 and earlier, concurrent TLS-enabled mounts can allocate the same local port for stunnel/NFS, causing failed mounts or incorrect mapping of a customer’s local moun...