Описание
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
For Red Hat OpenStack Platform, because runc is not directly used by the director-operator, no update will be provided at this time for the operator containers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | docker | Not affected | ||
| Red Hat Enterprise Linux 8 | container-tools:1.0/runc | Out of support scope | ||
| Red Hat Enterprise Linux 8 | container-tools:2.0/runc | Not affected | ||
| Red Hat OpenStack Platform 16.2 | osp-director-provisioner-container | Will not fix | ||
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-downloader | Will not fix | ||
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-operator | Will not fix | ||
| Red Hat Enterprise Linux 7 Extras | runc | Fixed | RHSA-2020:0942 | 23.03.2020 |
| Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2020:1650 | 28.04.2020 |
| Red Hat OpenShift Container Platform 4.1 | runc | Fixed | RHSA-2020:0695 | 12.03.2020 |
| Red Hat OpenShift Container Platform 4.2 | runc | Fixed | RHSA-2020:0688 | 10.03.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...
EPSS
7 High
CVSS3