Lucene search
Redhat.comRH:CVE-2023-27561HistoryMar 06, 2023 - 12:59 p.m.
CVE-2023-27561
2023-03-0612:59:47
redhat.com
access.redhat.com
56
runc
flaw
race volume mounts
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.0%
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.
References
Related
openvas
openvas
Fedora: Security Advisory for runc (FEDORA-2023-1ba499965f)
2023-04-23 00:00:00
Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2023-6e6d9065e0)
2023-08-17 00:00:00
Fedora: Security Advisory for runc (FEDORA-2023-3cccbc4c95)
2023-04-23 00:00:00
vulnrichment
vulnrichment
CVE-2023-27561
2023-03-03 00:00:00
osv
osv
CVE-2023-27561
2023-03-03 19:15:11
Opencontainers runc Incorrect Authorization vulnerability
2023-03-03 21:30:19
nessus
nessus
Fedora 38 : runc (2023-3cccbc4c95)
2023-04-21 00:00:00
Fedora 37 : golang-github-opencontainers-runc (2023-9edf2145fb)
2023-08-16 00:00:00
Fedora 36 : runc (2023-1bcbb1db39)
2023-04-21 00:00:00
prion
prion
Design/Logic Flaw
2023-03-03 19:15:00
Improper access control
2020-02-12 15:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38
2023-08-16 01:22:21
[SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36
2023-04-21 01:25:12
[SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38
2023-04-21 02:09:44
alpinelinux
alpinelinux
CVE-2023-27561
2023-03-03 19:15:11
CVE-2019-19921
2020-02-12 15:15:12
nvd
nvd
CVE-2023-27561
2023-03-03 19:15:11
CVE-2019-19921
2020-02-12 15:15:12
cve
cve
CVE-2023-27561
2023-03-03 19:15:11
CVE-2019-19921
2020-02-12 15:15:12
github
github
Opencontainers runc Incorrect Authorization vulnerability
2023-03-03 21:30:19
runc AppArmor bypass with symlinked /proc
2023-03-30 20:20:23
ubuntucve
ubuntucve
CVE-2023-27561
2023-03-03 00:00:00
CVE-2019-19921
2020-02-12 00:00:00
cvelist
cvelist
CVE-2023-27561
2023-03-03 00:00:00
CVE-2019-19921
2020-02-12 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2023-03-08 02:33:46
Sandbox Restrictions Bypass
2020-01-16 05:48:35
debiancve
debiancve
CVE-2023-27561
2023-03-03 19:15:11
CVE-2019-19921
2020-02-12 15:15:12
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2023-04-07 00:20:12
Updated opencontainers-runc packages fix security vulnerability
2020-02-26 13:21:01
altlinux
altlinux
Security fix for the ALT Linux 10 package runc version 1.0.0-alt12.rc10
2020-02-17 00:00:00
Security fix for the ALT Linux 10 package runc version 1.1.5-alt1
2023-04-20 00:00:00
redhat
redhat
(RHSA-2020:0688) Moderate: OpenShift Container Platform 4.2.22 runc security update
2020-03-10 12:10:03
(RHSA-2020:0942) Moderate: runc security update
2020-03-23 13:32:09
redhatcve
redhatcve
CVE-2019-19921
2020-01-29 16:31:25
suse
suse
Security update for docker-runc (moderate)
2020-02-13 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0275
2020-08-22 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0038
2023-06-27 00:00:00
Important Photon OS Security Update - PHSA-2020-0275
2020-08-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-27561 affecting package moby-runc for versions less than 1.1.5-1
2023-05-03 16:08:49
CVE-2023-27561 affecting package moby-runc 1.1.2+azure-4
2023-04-20 19:17:28
amazon
amazon
Medium: runc
2020-04-20 18:58:00
debian
debian
[SECURITY] [DLA 3369-1] runc security update
2023-03-27 16:07:07
cgr
cgr
CVE-2023-27561 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-27561 vulnerabilities
2024-09-28 21:12:41
almalinux
almalinux
Moderate: runc security update
2023-11-07 00:00:00
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2020-04-28 09:01:00
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
ubuntu
ubuntu
runC vulnerabilities
2023-05-23 00:00:00
runC vulnerabilities
2020-03-09 00:00:00
runC vulnerabilities
2023-05-18 00:00:00
oraclelinux
oraclelinux
container-tools:ol8 security update
2020-05-12 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2020-05-05 00:00:00
aardvark-dns security update
2023-07-19 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-28642) (CVE-2023-27561)
2023-06-12 12:41:31
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc
2024-06-28 22:49:49
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-05-31 17:22:48
rosalinux
rosalinux
Advisory ROSA-SA-2024-2393
2024-04-11 07:16:35
Advisory ROSA-SA-2023-2209
2023-08-08 07:51:13
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2020-04-28 09:01:00
gentoo
gentoo
runC: Multiple vulnerabilities
2020-03-15 00:00:00
runc: Multiple Vulnerabilities
2024-08-11 00:00:00
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.0%
Related for RH:CVE-2023-27561