QwikSec

Security Database

CVE

CWE

Training

CVE-2023-27561

Published: Mar 3, 2023

Modified: Dec 16, 2025

PUBLISHED

Description

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/opencontainers/runc/issues/3751

https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334

https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9

[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update

mailing-list

FEDORA-2023-1bcbb1db39

vendor-advisory

FEDORA-2023-3cccbc4c95

vendor-advisory

FEDORA-2023-1ba499965f

vendor-advisory

FEDORA-2023-9edf2145fb

vendor-advisory

FEDORA-2023-6e6d9065e0

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.