CVE-2019-19921
Published 2020-02-12
High · 7 · CVSS 4.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | runc | < runc 1.1.5+ds1-1 (bookworm) | runc 1.1.5+ds1-1 (bookworm) |
| debian | runc | < runc 1.0.0~rc10+dfsg1-1 (bookworm) | runc 1.0.0~rc10+dfsg1-1 (bookworm) |
| debian | runc | < runc 1.3.3+ds1-2 (forky) | runc 1.3.3+ds1-2 (forky) |
| github.com | opencontainers_runc | >= 0 < 1.2.8 | 1.2.8 |
| github.com | opencontainers_runc | >= 0 < 1.0.0-rc9.0.20200122160610-2fc03cc11c77 | 1.0.0-rc9.0.20200122160610-2fc03cc11c77 |
| github.com | opencontainers_runc | >= 1.0.0-rc95 < 1.1.5 | 1.1.5 |
| github.com | opencontainers_runc | >= 1.3.0-rc.1 < 1.3.3 | 1.3.3 |
| github.com | opencontainers_runc | >= 1.4.0-rc.1 < 1.4.0-rc.3 | 1.4.0-rc.3 |
| github.com | opencontainers_selinux | >= 0 < 1.13.0 | 1.13.0 |
| github.com | sylabs_singularity_v4 | >= 0 < 4.1.11 | 4.1.11 |
| github.com | sylabs_singularity_v4 | >= 4.2.0-rc.1 < 4.3.5 | 4.3.5 |
| linuxfoundation | runc | < 1.2.8 | 1.2.8 |
| linuxfoundation | runc | < 1.1.5 | 1.1.5 |
| linuxfoundation | runc | <= 0.1.1 | — |
| linuxfoundation | runc | — | — |
| linuxfoundation | runc | — | — |
| linuxfoundation | runc | >= 0 < 1.0.0~rc93+ds1-5+deb11u5 | 1.0.0~rc93+ds1-5+deb11u5 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc10+dfsg1-1 | 1.0.0~rc10+dfsg1-1 |
| linuxfoundation | runc | >= 0 < 1.1.5+ds1-1 | 1.1.5+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc10+dfsg1-1 | 1.0.0~rc10+dfsg1-1 |
| linuxfoundation | runc | >= 0 < 1.1.5+ds1-1 | 1.1.5+ds1-1 |
CVSS provenance
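| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v4.0 | 7.3 | HIGH | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa | — | 7.3 | HIGH | — |
| osv | — | 7.5 | HIGH | — |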