Runc@* Security Vulnerabilities and Issues — Runc@* CVE List

Lucene search

LinuxfoundationRunc*

3 matches found

CVE•added 2023/03/03 7:15 p.m.•371 views

CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because ...

7CVSS6.8AI score0.00244EPSS

CVE•added 2023/03/29 7:15 p.m.•304 views

CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc. Se...

7.8CVSS7.5AI score0.00011EPSS

CVE•added 2023/03/29 7:15 p.m.•302 views

CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup n...

6.3CVSS6.6AI score0.00031EPSS