ROSA LABROSA-SA-2023-2209Advisory ROSA-SA-2023-2209
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.6%
software: runc 1.1.7
OS: ROSA-CHROME
package_evr_string: runc-1.1.1.7-1.src.rpm
CVE-ID: CVE-2021-43784
BDU-ID: 2023-02652
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update runc
CVE-ID: CVE-2022-24769
BDU-ID: 2023-00215
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Containerd container runtime environment is related to the incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update runc
CVE-ID: CVE-2022-29162
BDU-ID: 2022-05793
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ‘runc exec --cap’ command of the Runc isolated container startup tool is related to default permissions settings. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update runc
CVE-ID: CVE-2023-25809
BDU-ID: 2023-03860
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Runc isolated container launch tool is related to improper permission saving. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update runc
CVE-ID: CVE-2023-27561
BDU-ID: 2023-03863
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the libcontainer/rootfs_linux.go component of the Runc isolated container startup tool is related to the use of an invalidly referenced name. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update runc
CVE-ID: CVE-2023-28642
BDU-ID: 2023-03869
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Runc isolated container tool is related to incorrectly defining symbolic links before accessing a file. Exploitation of the vulnerability allows an attacker to access sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update runc
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.6%