CVE-2019-19921 - Use of Incorrectly-Resolved Name or Reference

Severity

70%

Complexity

10%

Confidentiality

98%

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CVSS 3.1 Base Score 7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 5 years ago

2020-02-12 15:15:00

Last updated 4 years ago

2020-03-11 22:26:00

Affected Software

LINUX FOUNDATION Runc

The Linux Foundation runc 1.0.0 Release Candidate 1

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 2

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 3

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 4

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 5

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 6

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 7

1.0.0

The Linux Foundation runc 1.0.0 Release Candidate 8

1.0.0

LINUX FOUNDATION Runc 1.0.0 Release Candidate 9

1.0.0

Debian Linux 9.0

9.0

Debian Linux 10

10

OpenSUSE Leap 15.1

15.1

References

openSUSE-SU-2020:0219

Mailing List, Third Party Advisory

RHSA-2020:0688

RHSA-2020:0695

https://github.com/opencontainers/runc/issues/2197

Issue Tracking, Patch, Third Party Advisory

https://github.com/opencontainers/runc/pull/2190

Issue Tracking, Third Party Advisory

https://github.com/opencontainers/runc/releases

Third Party Advisory

GLSA-202003-21

https://security-tracker.debian.org/tracker/CVE-2019-19921

Third Party Advisory

USN-4297-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.