CVE-2023-27561

CVSS v3.1 7 (High)
EPSS 0.05 % (20th)
Affected Products 4
Advisories 22
NVD Status Modified

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

Weaknesses
CWE-706 Use of Incorrectly-Resolved Name or Reference

CVE Status PUBLISHED
CNA MITRE
Published Date 2023-03-03 19:15:11 (18 months ago)
Updated Date 2024-07-03 01:39:46 (2 months ago)

Affected Products

Configuration #1

  Product                                   CPE23                           From  Up To
  Linuxfoundation Runc prior 1.1.5 version  cpe:2.3:a:linuxfoundation:runc        < 1.1.5

Configuration #2

  Product                                  CPE23                                               From  Up To
  Redhat Openshift Container Platform 4.0  cpe:2.3:a:redhat:openshift_container_platform:4.0
  Redhat Enterprise Linux 8.0              cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux 9.0              cpe:2.3:o:redhat:enterprise_linux:9.0

Configuration #3

  Product            CPE23                              From  Up To
  Debian Linux 10.0  cpe:2.3:o:debian:debian_linux:10.0