QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19921

Published: Feb 12, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/opencontainers/runc/releases

https://security-tracker.debian.org/tracker/CVE-2019-19921

https://github.com/opencontainers/runc/issues/2197

https://github.com/opencontainers/runc/pull/2190

openSUSE-SU-2020:0219

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update

mailing-list

FEDORA-2023-1bcbb1db39

vendor-advisory

FEDORA-2023-3cccbc4c95

vendor-advisory

FEDORA-2023-1ba499965f

vendor-advisory

FEDORA-2023-9edf2145fb

vendor-advisory

FEDORA-2023-6e6d9065e0

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.