Lucene search

K
cvelistMitreCVELIST:CVE-2023-27561
HistoryMar 03, 2023 - 12:00 a.m.

CVE-2023-27561

2023-03-0300:00:00
mitre
www.cve.org
runc 1.1.4
incorrect access control
privilege escalation
libcontainer/rootfs_linux.go
custom volume-mount
custom images
cve-2019-19921 regression

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

References