CVE-2023-28642
Published: 2023-03-29
Priority: P3 38 · Severity: high · CVSS 3.1 base score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% (26.1th percentile)
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | runc | < runc 1.1.5+ds1-1 (bookworm) | runc 1.1.5+ds1-1 (bookworm) |
| github.com | opencontainers_runc | >= 0 < 1.1.5 | 1.1.5 |
| linuxfoundation | runc | < 1.1.5 | 1.1.5 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc93+ds1-5+deb11u5 | 1.0.0~rc93+ds1-5+deb11u5 |
| linuxfoundation | runc | >= 0 < 1.1.5+ds1-1 | 1.1.5+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.1.5+ds1-1 | 1.1.5+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.1.5+ds1-1 | 1.1.5+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.1.4-0ubuntu1~18.04.2 | 1.1.4-0ubuntu1~18.04.2 |
| linuxfoundation | runc | >= 0 < 1.1.4-0ubuntu1~20.04.3 | 1.1.4-0ubuntu1~20.04.3 |
| linuxfoundation | runc | >= 0 < 1.1.4-0ubuntu1~22.04.3 | 1.1.4-0ubuntu1~22.04.3 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 | 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 |
| msrc | cbl2_moby-runc_1.1.5-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_moby-runc_1.1.5+azure-1_on_cbl_mariner_1.0 | — | — |
| opencontainers | runc | < 1.1.5 | 1.1.5 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa | 7.0 | HIGH | — |
| osv | 7.8 | HIGH | — |
| vendor_msrc | 7.8 | HIGH | — |
| vendor_ubuntu | 7.0 | HIGH | — |
| vendor_debian | 6.1 | MEDIUM | — |
| vendor_redhat | 6.1 | MEDIUM | — |
Ubuntu
runC vulnerabilities
vendor_ubuntu·2023-05-23·CVSS 7.0
CVE-2022-29162 [HIGH] runC vulnerabilities
Title: runC vulnerabilities
Summary: Several security issues were fixed in runC.
USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS.

It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921)

Felix Wilhelm discovered that runC incorrectly handled netlink messages. An attacker could possibly use this issue to escalate privileges. (CVE-2021-43784)

Andrew G. Morgan discovered that runC incorrectly set inherited process capabilities inside the container. An attacker could possibly use this issue to escalate privileges. (CVE-2022-29162)
Original advisory details:
It was discovered that runC incorrectly m
Ubuntu
runC vulnerabilities
vendor_ubuntu·2023-05-18·CVSS 5.0
CVE-2023-28642 [MEDIUM] runC vulnerabilities
Title: runC vulnerabilities
Summary: Several security issues were fixed in runC.
It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809)

It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561)

It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration
vendor_redhat·2023-03-29·CVSS 6.1
CVE-2023-28642 [MEDIUM] CWE-305 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration
A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.
Statement: The symlink vulnerabi
Microsoft
AppArmor bypass with symlinked /proc in runc
vendor_msrc·2023-03-14·CVSS 7.8
CVE-2023-28642 [MEDIUM] CWE-59 AppArmor bypass with symlinked /proc in runc
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.micr
Debian
CVE-2023-28642: runc - runc is a CLI tool for spawning and running containers according to the OCI spec...
vendor_debian·2023·CVSS 6.1
CVE-2023-28642 [MEDIUM] CVE-2023-28642: runc - runc is a CLI tool for spawning and running containers according to the OCI spec...
Scope: local
bookworm: resolved (fixed in 1.1.5+ds1-1)
bullseye: resolved (fixed in 1.0.0~rc93+ds1-5+deb11u5)
forky: resolved (fixed in 1.1.5+ds1-1)
sid: resolved (fixed in 1.1.5+ds1-1)
trixie: resolved (fixed in 1.1.5+ds1-1)
OSV
AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
osv·2024-08-20
CVE-2023-28642 AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
OSV
runc vulnerabilities
osv·2023-05-23·CVSS 7.0
CVE-2019-19921 [HIGH] runc vulnerabilities
USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS.

It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921)

Felix Wilhelm discovered that runC incorrectly handled netlink messages. An attacker could possibly use this issue to escalate privileges. (CVE-2021-43784)

Andrew G. Morgan discovered that runC incorrectly set inherited process capabilities inside the container. An attacker could possibly use this issue to escalate privileges. (CVE-2022-29162)
Original advisory details:
It was discovered that runC incorrectly made /sys/fs/cgroup
writable when in rootless mode. An attacke
OSV
runc vulnerabilities
osv·2023-05-18·CVSS 6.3
CVE-2023-25809 [MEDIUM] runc vulnerabilities
It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809)

It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561)

It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642)
GHSA
runc AppArmor bypass with symlinked /proc
ghsa·2023-03-30·CVSS 7.0
CVE-2023-28642 [HIGH] CWE-281 runc AppArmor bypass with symlinked /proc
### Impact
It was found that AppArmor, and potentially SELinux, can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration.
### Patches
Fixed in runc v1.1.5, by prohibiting symlinked `/proc`: https://github.com/opencontainers/runc/pull/3785
This PR fixes CVE-2023-27561 as well.
### Workarounds
Avoid using an untrusted container image.
OSV
runc AppArmor bypass with symlinked /proc
osv·2023-03-30·CVSS 7.0
CVE-2023-28642 [HIGH] runc AppArmor bypass with symlinked /proc
### Impact
It was found that AppArmor, and potentially SELinux, can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration.
### Patches
Fixed in runc v1.1.5, by prohibiting symlinked `/proc`: https://github.com/opencontainers/runc/pull/3785
This PR fixes CVE-2023-27561 as well.
### Workarounds
Avoid using an untrusted container image.
OSV
CVE-2023-28642: runc is a CLI tool for spawning and running containers according to the OCI specification
osv·2023-03-29·CVSS 7.8
CVE-2023-28642 [HIGH] CVE-2023-28642: runc is a CLI tool for spawning and running containers according to the OCI specification
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/opencontainers/runc/pull/3785
- https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
- https://security.netapp.com/advisory/ntap-20241206-0005/