CVE-2023-25809

Severity: 6.3 MEDIUM
EPSS: 0.0% (top 89.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 29; Latest update Aug 20

Description

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted wit

The upstream fix ships in runc 1.1.5 (see Affected Packages below).
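Condition 1 above is something an operator can check before a container starts: the OCI `config.json` either lists a cgroup namespace under `linux.namespaces` (what `--cgroupns=private` produces) or it does not. The following Go program is an added example written for this page, not code from runc or from cvebase; it audits a `config.json` for that entry and for whether the `/sys/fs/cgroup` mount entry is marked `ro`. The function names (`AuditConfig`, `HasCgroupNamespace`, `CgroupMountReadOnly`) and both sample configs are constructed for the example. Condition 2 concerns how `/sys` is mounted on the host side and cannot be judged from `config.json`, so the audit does not cover it.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ociConfig is the slice of an OCI runtime-spec config.json that the audit
// inspects: the mounts list and linux.namespaces. Other fields are ignored.
type ociConfig struct {
	Mounts []struct {
		Destination string   `json:"destination"`
		Options     []string `json:"options"`
	} `json:"mounts"`
	Linux struct {
		Namespaces []struct {
			Type string `json:"type"`
		} `json:"namespaces"`
	} `json:"linux"`
}

// HasCgroupNamespace reports whether config.json asks the runtime to unshare
// the cgroup namespace, i.e. linux.namespaces contains {"type": "cgroup"}.
// That entry is what --cgroupns=private produces; --cgroupns=host omits it.
func HasCgroupNamespace(cfg *ociConfig) bool {
	for _, ns := range cfg.Linux.Namespaces {
		if ns.Type == "cgroup" {
			return true
		}
	}
	return false
}

// CgroupMountReadOnly finds the /sys/fs/cgroup mount entry and reports whether
// it exists and whether its options include "ro".
func CgroupMountReadOnly(cfg *ociConfig) (found, ro bool) {
	for _, m := range cfg.Mounts {
		if m.Destination != "/sys/fs/cgroup" {
			continue
		}
		found = true
		for _, o := range m.Options {
			if o == "ro" {
				ro = true
			}
		}
	}
	return found, ro
}

// AuditConfig parses a config.json and returns one finding per condition it
// leaves open. An empty slice means the file asks for a private cgroupns and
// a read-only cgroup mount.
func AuditConfig(raw []byte) ([]string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("config.json: %w", err)
	}
	var findings []string
	if !HasCgroupNamespace(&cfg) {
		findings = append(findings,
			"linux.namespaces has no {\"type\": \"cgroup\"} entry: under condition 1 of the advisory "+
				"rootless runc < 1.1.5 leaves /sys/fs/cgroup writable (CVE-2023-25809); "+
				"use --cgroupns=private or add the entry")
	}
	if found, ro := CgroupMountReadOnly(&cfg); found && !ro {
		findings = append(findings, "/sys/fs/cgroup mount entry does not carry the \"ro\" option")
	}
	return findings, nil
}

// Constructed sample configs (not captured from a real runtime). The first is
// the shape a --cgroupns=host container has: no cgroup namespace entry.
const SampleHostCgroupns = `{
  "mounts": [
    {"destination": "/sys/fs/cgroup", "type": "cgroup", "source": "cgroup",
     "options": ["nosuid", "noexec", "nodev", "relatime", "rw"]}
  ],
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "user"}]}
}`

// The second unshares the cgroup namespace and mounts the hierarchy read-only.
const SamplePrivateCgroupns = `{
  "mounts": [
    {"destination": "/sys/fs/cgroup", "type": "cgroup", "source": "cgroup",
     "options": ["nosuid", "noexec", "nodev", "relatime", "ro"]}
  ],
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "user"}, {"type": "cgroup"}]}
}`

func main() {
	for name, raw := range map[string]string{"host": SampleHostCgroupns, "private": SamplePrivateCgroupns} {
		findings, err := AuditConfig([]byte(raw))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s cgroupns: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

Run it against the bundle directory of a running container (for rootless Docker, `docker inspect` does not expose the OCI spec directly; the `config.json` lives in the runtime's bundle) or against a spec produced by `runc spec --rootless`. A finding on the namespace entry is the condition the advisory names; the `ro` check is a separate hygiene check on the mount options.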

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
Exploitability: 0.8 | Impact: 3.7

Affected Packages (5 packages; 3 shown)

Source     Package              Affected versions
CVEListV5  opencontainers/runc  < 1.1.5
Debian     runc                 < 1.0.0~rc93+ds1-5+deb11u4+3
Ubuntu     runc                 < 1.1.4-0ubuntu1~18.04.2+2

Patches

Vulnerability Details (6 references; 5 shown)

OSV      2024-08-20  Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runc
OSV      2023-05-18  runc vulnerabilities
GHSA     2023-03-30  rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
OSV      2023-03-30  rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
CVEList  2023-03-29  rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Vendor Advisories (5)

Ubuntu     2023-05-23  runC vulnerabilities
Ubuntu     2023-05-18  runC vulnerabilities
Red Hat    2023-03-29  runc: Rootless runc makes `/sys/fs/cgroup` writable
Microsoft  2023-03-14  rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Debian     2023        CVE-2023-25809: runc - runc is a CLI tool for spawning and running containers according to the OCI spec...
Source: cvebase.io