Bug 709456 (CVE-2019-19921) - app-emulation/runc: Incorrect Access Control leading to Escalation of Privileges (CVE-2019-19921)
Status: UNCONFIRMED
Alias: CVE-2019-19921
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: C1 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-13 09:19 UTC by filip ambroz
Modified: 2020-02-13 09:23 UTC

See Also:
Package list:
Runtime testing required: ---

Description filip ambroz 2020-02-13 09:19:17 UTC
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images.


Fixed in 1.0.0-rc10:
https://github.com/opencontainers/runc/releases

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19921
https://security-tracker.debian.org/tracker/CVE-2019-19921
https://www.suse.com/security/cve/CVE-2019-19921/
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19921.html