CVE-2019-19921

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2019-19921
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2020-02-12 15:15:00 UTC
Updated2023-11-07 03:07:00 UTC
Descriptionrunc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Risk And Classification

Problem Types: CWE-706

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Canonical Ubuntu Linux 19.10 All All All
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Application Linuxfoundation Runc 1.0.0 rc1 All All
Application Linuxfoundation Runc 1.0.0 rc2 All All
Application Linuxfoundation Runc 1.0.0 rc3 All All
Application Linuxfoundation Runc 1.0.0 rc4 All All
Application Linuxfoundation Runc 1.0.0 rc5 All All
Application Linuxfoundation Runc 1.0.0 rc6 All All
Application Linuxfoundation Runc 1.0.0 rc7 All All
Application Linuxfoundation Runc 1.0.0 rc8 All All
Application Linuxfoundation Runc 1.0.0 rc9 All All
Application Linuxfoundation Runc All All All All
Application Linuxfoundation Runc 1.0.0 rc1 All All
Application Linuxfoundation Runc 1.0.0 rc2 All All
Application Linuxfoundation Runc 1.0.0 rc3 All All
Application Linuxfoundation Runc 1.0.0 rc4 All All
Application Linuxfoundation Runc 1.0.0 rc5 All All
Application Linuxfoundation Runc 1.0.0 rc6 All All
Application Linuxfoundation Runc 1.0.0 rc7 All All
Application Linuxfoundation Runc 1.0.0 rc8 All All
Application Linuxfoundation Runc 1.0.0 rc9 All All
Operating System Opensuse Leap 15.1 All All All
Operating System Opensuse Leap 15.1 All All All
Application Redhat Openshift Container Platform 4.1 All All All
Application Redhat Openshift Container Platform 4.2 All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Releases · opencontainers/runc · GitHub MISC github.com Third Party Advisory
[SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Adding Security audit by amye · Pull Request #2190 · opencontainers/runc · GitHub MISC github.com Issue Tracking, Third Party Advisory
[SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Red Hat Customer Portal REDHAT access.redhat.com
[SECURITY] Fedora 37 Update: runc-1.1.6-1.fc37 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 37 Update: runc-1.1.6-1.fc37 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
CVE-2019-19921 MISC security-tracker.debian.org Third Party Advisory
[SECURITY] [DLA 3369-1] runc security update MLIST lists.debian.org
[SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[security-announce] openSUSE-SU-2020:0219-1: moderate: Security update f SUSE lists.opensuse.org Mailing List, Third Party Advisory
[SECURITY] Fedora 37 Update: golang-github-opencontainers-runc-1.1.8-2.fc37 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[CVE-2019-19921]: Volume mount race condition with shared mounts · Issue #2197 · opencontainers/runc · GitHub MISC github.com Issue Tracking, Patch, Third Party Advisory
[SECURITY] Fedora 37 Update: golang-github-opencontainers-runc-1.1.8-2.fc37 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
runC: Multiple vulnerabilities (GLSA 202003-21) — Gentoo security GENTOO security.gentoo.org
Red Hat Customer Portal REDHAT access.redhat.com
USN-4297-1: runC vulnerabilities | Ubuntu security notices | Ubuntu UBUNTU usn.ubuntu.com
[SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159667 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2020-1650)
  • 174971 SUSE Enterprise Linux Security Update for containerd, docker, runc (SUSE-SU-2021:1458-1)
  • 181640 Debian Security Update for runc (DLA 3369-1)
  • 199528 Ubuntu Security Notification for runC Vulnerabilities (USN-6088-2)
  • 283911 Fedora Security Update for runc (FEDORA-2023-1bcbb1db39)
  • 283912 Fedora Security Update for runc (FEDORA-2023-1ba499965f)
  • 284186 Fedora Security Update for runc (FEDORA-2023-3cccbc4c95)
  • 284402 Fedora Security Update for golang (FEDORA-2023-9edf2145fb)
  • 284412 Fedora Security Update for golang (FEDORA-2023-6e6d9065e0)
  • 353050 Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2021-009
  • 353063 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2021-009
  • 377335 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2022:0110)
  • 500857 Alpine Linux Security Update for containerd
  • 501237 Alpine Linux Security Update for runc
  • 504639 Alpine Linux Security Update for containerd
  • 671566 EulerOS Security Update for docker-engine (EulerOS-SA-2022-1585)
  • 671581 EulerOS Security Update for docker-engine (EulerOS-SA-2022-1550)
  • 671713 EulerOS Security Update for docker-runc (EulerOS-SA-2022-1762)
  • 672861 EulerOS Security Update for docker-engine (EulerOS-SA-2023-1617)
  • 673220 EulerOS Security Update for docker-engine (EulerOS-SA-2023-2352)
  • 673225 EulerOS Security Update for docker-engine (EulerOS-SA-2023-2378)
  • 673273 EulerOS Security Update for docker-runc (EulerOS-SA-2023-2581)
  • 673302 EulerOS Security Update for docker-runc (EulerOS-SA-2023-2611)
  • 770015 Red Hat OpenShift Container Platform 4.2.22 Security Update (RHSA-2020:0688)
  • 770017 Red Hat OpenShift Container Platform 4.1.38 Security Update (RHSA-2020:0695)
  • 940531 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2020:1650)
  • 960829 Rocky Linux Security Update for container-tools:rhel8 (RLSA-2020:1650)
  • 982388 Go (go) Security Update for github.com/opencontainers/runc/libcontainer (GHSA-fh74-hm69-rqjw)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report