runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Patch: https://github.com/opencontainers/runc/pull/3785
runc 1.1.5 is out and it fixes two more CVEs: * CVE-2023-25809: is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda. * CVE-2023-28642: is a variant of the same bug and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang. https://github.com/opencontainers/runc/releases/tag/v1.1.5
commit 082f7b1e24a65be9c7b8d09cab220a68a3aca164 Author: William Hubbs <williamh@gentoo.org> Date: Sun Apr 23 16:33:55 2023 -0500 app-containers/runc: add 1.1.5 Signed-off-by: William Hubbs <williamh@gentoo.org>
commit c5bf2a0bfa317aea69e2536b61e17e963257a8e9 Author: William Hubbs <williamh@gentoo.org> Date: Tue Jul 25 10:18:58 2023 -0500 app-containers/runc: drop 1.1.4
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=68a8d508cf9f0faa2bd942edbbb2cbf358d169d3 commit 68a8d508cf9f0faa2bd942edbbb2cbf358d169d3 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-08-11 05:45:57 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-08-11 05:46:20 +0000 [ GLSA 202408-25 ] runc: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/828471 Bug: https://bugs.gentoo.org/844085 Bug: https://bugs.gentoo.org/903079 Bug: https://bugs.gentoo.org/923434 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202408-25.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)