runc up to and including 1.0.0-rc8, as used in Docker up to and including 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
| Vulnerable Product |
|---|
| linuxfoundation runc |
| linuxfoundation runc 1.0.0 |
| docker docker |
| fedoraproject fedora 29 |
| fedoraproject fedora 30 |
| fedoraproject fedora 31 |
| opensuse leap 15.0 |
| opensuse leap 15.1 |
| redhat enterprise linux 8.0 |
| redhat openshift container platform 4.1 |
| redhat openshift container platform 4.2 |
| redhat enterprise linux eus 8.1 |
| redhat enterprise linux eus 8.2 |
| redhat enterprise linux server tus 8.2 |
| redhat enterprise linux server aus 8.2 |
| redhat enterprise linux server tus 8.4 |
| redhat enterprise linux eus 8.4 |
| redhat enterprise linux server aus 8.4 |
| canonical ubuntu linux 18.04 |
| canonical ubuntu linux 19.10 |