CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.8 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5 by prohibiting symlinked /proc. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using untrusted container images.

Name | Operator | Version |
---|---|---|
runc | eq | 0.0.5 |
runc | eq | 1.0.0-rc95 |
runc | eq | 1.0.0-rc10 |
runc | eq | 1.0.0-rc4 |
runc | eq | 1.0.0-rc91 |
runc | eq | 0.0.7 |
runc | eq | 0.0.8 |
runc | eq | 1.0.0-rc94 |
runc | eq | 0.0.4 |
runc | eq | 1.1.1 |