runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Patch: https://github.com/opencontainers/runc/pull/3785
runc 1.1.5 is out and it fixes two more CVEs: * CVE-2023-25809: is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda. * CVE-2023-28642: is a variant of the same bug and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang. https://github.com/opencontainers/runc/releases/tag/v1.1.5
commit 082f7b1e24a65be9c7b8d09cab220a68a3aca164 Author: William Hubbs <williamh@gentoo.org> Date: Sun Apr 23 16:33:55 2023 -0500 app-containers/runc: add 1.1.5 Signed-off-by: William Hubbs <williamh@gentoo.org>