CVE-2023-27561
Summary
| CVE | CVE-2023-27561 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-03 19:15:00 UTC |
| Updated | 2023-11-07 04:09:00 UTC |
| Description | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| runc_poc.md · GitHub | MISC | gist.github.com | |
| [SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [CVE-2019-19921]: Volume mount race condition with shared mounts · Issue #2197 · opencontainers/runc · GitHub | MISC | github.com | |
| CVE-2019-19921 re-introduction/regression · Issue #3751 · opencontainers/runc · GitHub | MISC | github.com | |
| [SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: runc-1.1.6-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: runc-1.1.6-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3369-1] runc security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: golang-github-opencontainers-runc-1.1.8-2.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: golang-github-opencontainers-runc-1.1.8-2.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160789 Oracle Enterprise Linux Security Update for aardvark-dns (ELSA-2023-12579)
- 160797 Oracle Enterprise Linux Security Update for buildah (ELSA-2023-12578)
- 161114 Oracle Enterprise Linux Security Update for runc (ELSA-2023-6380)
- 161175 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-6939)
- 161187 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-6938)
- 181640 Debian Security Update for runc (DLA 3369-1)
- 183022 Debian Security Update for runc (CVE-2023-27561)
- 199349 Ubuntu Security Notification for runC Vulnerabilities (USN-6088-1)
- 199528 Ubuntu Security Notification for runC Vulnerabilities (USN-6088-2)
- 241745 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)
- 241856 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:4093)
- 242301 Red Hat Update for runc (RHSA-2023:6380)
- 242415 Red Hat Update for container-tools:rhel8 (RHSA-2023:6939)
- 242458 Red Hat Update for container-tools:4.0 (RHSA-2023:6938)
- 283911 Fedora Security Update for runc (FEDORA-2023-1bcbb1db39)
- 283912 Fedora Security Update for runc (FEDORA-2023-1ba499965f)
- 284186 Fedora Security Update for runc (FEDORA-2023-3cccbc4c95)
- 284402 Fedora Security Update for golang (FEDORA-2023-9edf2145fb)
- 284412 Fedora Security Update for golang (FEDORA-2023-6e6d9065e0)
- 355356 Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2023-024
- 355359 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2023-025
- 355440 Amazon Linux Security Advisory for runc : ALAS2023-2023-208
- 355564 Amazon Linux Security Advisory for runc : ALAS2ECS-2023-004
- 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
- 502952 Alpine Linux Security Update for runc
- 502953 Alpine Linux Security Update for runc
- 503262 Alpine Linux Security Update for runc
- 503263 Alpine Linux Security Update for runc
- 506236 Alpine Linux Security Update for runc
- 506237 Alpine Linux Security Update for runc
- 6140376 AWS Bottlerocket Security Update for runc (GHSA-8pmj-g99j-rqjm)
- 672894 EulerOS Security Update for docker-runc (EulerOS-SA-2023-1818)
- 672897 EulerOS Security Update for docker-runc (EulerOS-SA-2023-1800)
- 673898 EulerOS Security Update for docker-runc (EulerOS-SA-2023-2680)
- 673972 EulerOS Security Update for docker-runc (EulerOS-SA-2023-2638)
- 753943 SUSE Enterprise Linux Security Update for runc (SUSE-SU-2023:2003-1)
- 770195 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)
- 770200 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:4093)
- 906777 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (25571-1)
- 906843 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (25574-1)
- 941400 AlmaLinux Security Update for runc (ALSA-2023:6380)
- 941444 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:6938)
- 941481 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:6939)