CVE-2019-19921

Published: 12/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 393
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

runc up to and including 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Vulnerable Product

linuxfoundation runc 1.0.0

linuxfoundation runc

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

redhat openshift container platform 4.1

redhat openshift container platform 4.2

Vendor Advisories

Debian Bug report logs - #1033520 runc: CVE-2023-27561. Package: src:runc; Maintainer for src:runc is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 26 Mar 2023 15:36:02 UTC; Severity: important; Tags: security, upstream; Found in version runc/ ...
Several security issues were fixed in runc ...
Synopsis Moderate: OpenShift Container Platform 4138 security update. Type/Severity Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4138 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a secu ...
Synopsis Moderate: OpenShift Container Platform 4222 runc security update. Type/Severity Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4222 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated th ...
Synopsis Moderate: OpenShift Container Platform 4313 runc security update. Type/Severity Security Advisory: Moderate. Topic: An update for runc is now available for Red Hat OpenShift Container Platform 43. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulner ...
Synopsis Moderate: runc security update. Type/Severity Security Advisory: Moderate. Topic: An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Moderate: container-tools:rhel8 security, bug fix, and enhancement update. Type/Severity Security Advisory: Moderate. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Mode ...
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that ...
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884). A flaw was found in runc. An attacker who controls the container image for two ...