CVE-2019-19921
Description
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.159
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~18.04.2_i386.deb | Linux |
| Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~18.04.2_amd64.deb | Linux |
| Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~19.10.2_i386.deb | Linux |
| Open Container Project (USN-4297-1) runc_1.0.0~rc10-0ubuntu1~19.10.2_amd64.deb | Linux |
| (RHSA-2020:0942) runc security update runc-1.0.0-66.rc8.el7_7.x86_64.rpm | Linux |
| container-tools:rhel8 security, bug fix, and enhancement update (RLSA-2020:1650) toolbox-0.0.7-1.module+el8.5.0+770+e2f49861.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234