CVE-2019-19921NVD

Description

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Severity Level

UNKNOWN

Published Date

12/02/2020

Last Modified

05/08/2024

Exploitation Status

????

References

https://github.com/opencontainers/runc/releases
https://security-tracker.debian.org/tracker/CVE-2019-19921
https://github.com/opencontainers/runc/issues/2197
https://github.com/opencontainers/runc/pull/2190
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
https://access.redhat.com/errata/RHSA-2020:0688
https://access.redhat.com/errata/RHSA-2020:0695
https://security.gentoo.org/glsa/202003-21
https://usn.ubuntu.com/4297-1/
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/