There is no impact to systems that are not vulnerable to CVE-2022-1184. On systems that are vulnerable to CVE-2022-1184, a specially crafted extfs container image, or extfs overlay partition within a SIF file, may trigger a denial of service when run with SingularityCE / SingularityPRO in set-uid mode.
Sylabs’ opinion is that CVE-2023-30549 is a duplicate of CVE-2022-1184, and does not describe a security vulnerability in SingularityCE / SingularityPRO. The security vulnerability identified in the advisory is in the kernel, and must be patched there. It is also relevant to non-Singularity workflows, such as automatic or user-initiated mounts of USB drives under desktop environments.
- Singularity’s execution control list, which limits container execution to specifically signed containers, cannot be enforced.
- Encrypted SIF containers can no longer be utilized.
- Inability to use supplementary groups –
- Inability to use host filesystem ACLs –
Sylabs does not consider CVE-2023-30549 to be a vulnerability in Singularity. Systems should be patched regularly to ensure they are not susceptible to vulnerabilities such as CVE-2022-1184.