runc: volume mount race condition (regression of CVE-2019-19921)

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...

SUSE-SU-2023:2356-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities bsc1211390. Non-security fixes: - Fixed a potential crash during driver cleanup bsc1209861. - Added Apparmor support for SUSE...

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

Sandbox Restrictions Bypass

github.com/opencontainers/runc is vulnerable to sandbox restrictions bypass. An attacker who controls the container image for two containers that share a volume will be able to mount arbitrary volumes in a race condition during container initialization via a symlink that is added to the rootfs...