CVE-2019-16884

Published: 25/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

runc up to and including 1.0.0-rc8, as used in Docker up to and including 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Vulnerable Product

linuxfoundation runc

linuxfoundation runc 1.0.0

docker docker

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

opensuse leap 15.0

opensuse leap 15.1

redhat enterprise linux 8.0

redhat openshift container platform 4.1

redhat openshift container platform 4.2

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

Vendor Advisories

Debian Bug report logs - #942026 runc: CVE-2019-16884. Package: runc; Maintainer for runc is Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>; Source for runc is src:runc (PTS, buildd, popcon); Affects: docker.io; Reported by: Shengjing Zhu <zhsj@debian.org>; Date: Wed, 9 Oct 2019 08:45:02 UTC; Sever ...
Several security issues were fixed in runc ...
Synopsis: Moderate: OpenShift Container Platform 4.2 runc security update. Type/Severity: Security Advisory: Moderate. Topic: An update for runc is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabi ...
Synopsis: Important: container-tools:rhel8 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Moderate: OpenShift Container Platform 4.1.24 runc security update. Type/Severity: Security Advisory: Moderate. Topic: An update for runc is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulner ...
Synopsis: Moderate: docker security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884) ...
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884). A flaw was found in runc. An attacker who controls the container image for two ...
Impact: Moderate Public Date: 2019-09-22 CWE: CWE-41 Bugzilla: 1757214: CVE-2019-16884 runc: AppArmor c ...

Github Repositories

Code for HPE Project on Securing Open Source Components on Containers.

Securing_Open_Source_Components_on_Containers: Code for HPE Project on Securing Open Source Components on Containers. Scanning of vulnerabilities on the Docker Debian Image was done using the Anchore Engine CLI. To demonstrate vulnerabilities, the Chroot, Chmod and AppArmor exploitations were performed on the Ubuntu Bionic Container. Finally, Docker-py and Docker-compose compone