ALT-PU-2020-1252-1
Closed vulnerabilities
Published: 2020-02-12
Modified: 2024-11-21
CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0219
- RHSA-2020:0688
- RHSA-2020:0695
- https://github.com/opencontainers/runc/issues/2197
- https://github.com/opencontainers/runc/pull/2190
- https://github.com/opencontainers/runc/releases
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- FEDORA-2023-9edf2145fb
- FEDORA-2023-1bcbb1db39
- FEDORA-2023-6e6d9065e0
- FEDORA-2023-3cccbc4c95
- FEDORA-2023-1ba499965f
- GLSA-202003-21
- https://security-tracker.debian.org/tracker/CVE-2019-19921
- USN-4297-1