Description
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
References (10)
Scores
CVSS v3
7.0
EPSS
0.0015
EPSS Percentile
34.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-706
Status
published
Products (6)
debian/debian_linux
10.0
linuxfoundation/runc
< 1.1.5
opencontainers/runc
1.0.0-rc95 - 1.1.5Go
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/openshift_container_platform
4.0
Published
Mar 03, 2023
Tracked Since
Feb 18, 2026