Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 903079 (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)

Summary: <app-containers/runc-1.1.5: Privilege escalation bug
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gyakovlev, williamh
Priority: Normal Keywords: PATCH
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/opencontainers/runc/releases/tag/v1.1.5
See Also: https://bugs.gentoo.org/show_bug.cgi?id=709456
https://github.com/opencontainers/runc/pull/3785
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-26 01:19:16 UTC
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-26 01:19:55 UTC
Patch: https://github.com/opencontainers/runc/pull/3785
Comment 2 Mathieu Tortuyaux 2023-03-29 10:10:28 UTC
runc 1.1.5 is out and it fixes two more CVEs:

* CVE-2023-25809: is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda.

* CVE-2023-28642: is a variant of the same bug and was fixed by the same
patch. This variant of the above vulnerability was reported by Lei Wang.

https://github.com/opencontainers/runc/releases/tag/v1.1.5
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 22:32:05 UTC
commit 082f7b1e24a65be9c7b8d09cab220a68a3aca164
Author: William Hubbs <williamh@gentoo.org>
Date:   Sun Apr 23 16:33:55 2023 -0500

    app-containers/runc: add 1.1.5

    Signed-off-by: William Hubbs <williamh@gentoo.org>
Comment 4 Hans de Graaff gentoo-dev Security 2023-10-13 13:00:58 UTC
commit c5bf2a0bfa317aea69e2536b61e17e963257a8e9
Author: William Hubbs <williamh@gentoo.org>
Date:   Tue Jul 25 10:18:58 2023 -0500

    app-containers/runc: drop 1.1.4
Comment 5 Larry the Git Cow gentoo-dev 2024-08-11 05:46:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=68a8d508cf9f0faa2bd942edbbb2cbf358d169d3

commit 68a8d508cf9f0faa2bd942edbbb2cbf358d169d3
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-11 05:45:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-11 05:46:20 +0000

    [ GLSA 202408-25 ] runc: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/828471
    Bug: https://bugs.gentoo.org/844085
    Bug: https://bugs.gentoo.org/903079
    Bug: https://bugs.gentoo.org/923434
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-25.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)