github.com/opencontainers/runc is vulnerable to attackers bypassing access restrictions. This is possible when ambient capabilities are enabled but misconfigured. It would allow malicious images to bypass user permissions and access other files within the file system and other mounted volumes. This transitively affects Docker.