3 matches found
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
USN-4297-1 runc vulnerabilities
It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. CVE-2019-16884 It was discovered that runC incorrectly performed access...
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...