2118 matches found
CVE-2023-28642
Summary (concrete details): The CVE-2023-28642 issue affects the container runtime components, notably the runC tool. The root cause is an AppArmor bypass when a container’s /proc is symlinked under a specific mount configuration, enabling an attacker with local access to bypass confinement. The ...
CVE-2023-28642 AppArmor bypass with symlinked /proc in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-28642 AppArmor bypass with symlinked /proc in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-28642
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-25809
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...
runc 后置链接漏洞
runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.5, which stems from the fact that AppArmor can be bypassed when /proc within a container is symlinked with a specific...
PT-2023-3586 · Runc +9 · Runc +9
Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to rootless runc making /sys/fs/cgroup writable under certain conditions, specifically when runc is executed inside the user namespace and the config.json does not specify the...
runc 安全漏洞
runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.5, which stems from the fact that runc does not specify the namespace to be unshared when executing within the user...
Debian: Security Advisory (DLA-3369-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3369 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3369 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3369-1 [email protected]...
CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)
The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24769 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bu...
[SECURITY] [DLA 3369-1] runc security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3369-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 27, 2023 https://wiki.debian.org/LTS -...
DLA-3369-1 runc - security update
Bulletin has no description...
PT-2023-3594 · Apparmor +10 · Apparmor +10
Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to the incorrect handling of symbolic links before accessing a file, which allows an attacker to access confidential data, compromise its integrity, and cause a denial of service...
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custom volume-mount configurations and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
...
SUSE CVE-2023-27561
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...
CVE-2023-27561
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
GHSA-VPVM-3WQ2-2WVM Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...
Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...
CVE-2023-27561
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...