CVE-2019-19921
CWE-706 — Use of Incorrectly-Resolved Name | CWE-41 | CWE-362 — Race Condition | CWE-363 | CWE-61
22 documents | 10 sources
Severity
7.0 HIGH
EPSS
0.1%
top 68.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 12
Latest update: Nov 5
Description
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9
Affected Packages: 6 packages
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 18.04, 19.10, Openshift Container Platform 4.1, 4.2
Patches
Vulnerability Details (11)
GHSA: runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects (2025-11-05)
Kernel
Vendor Advisories (6)
Microsoft: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custo (2023-03-14)
Red Hat: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (2019-12-21)
Community (4)
Bugzilla: CVE-2019-19921 docker: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation [openstack-rdo] (2020-01-29)
Bugzilla: CVE-2019-19921 runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (2020-01-29)
Bugzilla: CVE-2019-19921 runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation [fedora-all] (2020-01-29)
Bugzilla: CVE-2019-19921 docker: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation [fedora-all] (2020-01-29)