6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.3%
It was found that rootless runc makes /sys/fs/cgroup
writable in following conditons:
config.json
does not specify the cgroup namespace to be unshared (e.g…, (docker|podman|nerdctl) run --cgroupns=host
, with Rootless Docker/Podman/nerdctl)/sys
is mounted with rbind, ro
(e.g., runc spec --rootless
; this condition is very rare)A container may gain the write access to user-owned cgroup hierarchy /sys/fs/cgroup/user.slice/...
on the host .
Other users’s cgroup hierarchies are not affected.
v1.1.5 (planned)
(docker|podman|nerdctl) run --cgroupns=private)
. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts./sys/fs/cgroup
to maskedPaths
CPE | Name | Operator | Version |
---|---|---|---|
github.com/opencontainers/runc | lt | 1.1.5 |
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.3%