Runc
CVE-2023-27561
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
AnalysisAI
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-706. runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. Affected products include: Linuxfoundation Runc, Redhat Openshift Container Platform, Redhat Enterprise Linux, Debian Debian Linux. Version information: through 1.1.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Alpine Linux: runc fixed in 1.1.12-r0
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 8.4
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass beca
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severit
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), t
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a po
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity
Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today