Home

CVE-2019-16884

Description

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.565

Associated Vulnerability

VulnerabilityOS Platform
Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~18.04.2_i386.debLinux
Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~18.04.2_amd64.debLinux
Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~19.10.2_i386.debLinux
Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~19.10.2_amd64.debLinux
(RHSA-2020:1234) docker security and bug fix update docker-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-logrotate-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
Toolbox update (ELSA-2020-1379) toolbox-0.0.4-1.module+el8.1.1+5502+fbec5cc6.x86_64.rpmLinux
Podman-manpages update (ELSA-2020-1379) podman-manpages-1.6.4-4.0.1.module+el8.1.1+5573+1c3f6079.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-tests-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update cockpit-podman-4-1.module+el8.1.0+4081+b29780af.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update container-selinux-2.123.0-2.module+el8.1.0+4900+9d7326b8.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-debuginfo-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-debugsource-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containers-common-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-debuginfo-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-debuginfo-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-debugsource-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-docker-1.4.2-6.module+el8.1.0+4830+f49150d7.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-manpages-1.4.2-6.module+el8.1.0+4830+f49150d7.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-remote-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-remote-debuginfo-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-tests-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update python-podman-api-1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-debuginfo-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-debugsource-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-debuginfo-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-debugsource-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-tests-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-debuginfo-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update toolbox-0.0.4-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
Oci-systemd-hook update (ELSA-2019-4269) oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+5440+994fc847.x86_64.rpmLinux
Oci-umount update (ELSA-2019-4269) oci-umount-2.3.4-2.git87f9237.module+el8.1.0+5440+994fc847.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234