runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 19.10 | |
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
runc | eq | 1.0.0 rc7 | |
runc | eq | 1.0.0 rc6 | |
runc | eq | 1.0.0 rc5 | |
runc | eq | 1.0.0 rc4 | |
runc | eq | 1.0.0 rc3 | |
runc | eq | 1.0.0 rc2 |
lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
access.redhat.com/errata/RHSA-2020:0688
access.redhat.com/errata/RHSA-2020:0695
github.com/opencontainers/runc/issues/2197
github.com/opencontainers/runc/pull/2190
github.com/opencontainers/runc/releases
lists.debian.org/debian-lts-announce/2023/03/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
lists.fedoraproject.org/archives/list/[email protected]/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
lists.fedoraproject.org/archives/list/[email protected]/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
lists.fedoraproject.org/archives/list/[email protected]/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
lists.fedoraproject.org/archives/list/[email protected]/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
security-tracker.debian.org/tracker/CVE-2019-19921
security.gentoo.org/glsa/202003-21
usn.ubuntu.com/4297-1/