runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
{
"unresolved_ranges": [
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
],
"vendor_product": "fedoraproject:fedora",
"extracted_events": [
{
"introduced": "33"
},
{
"last_affected": "33"
},
{
"introduced": "34"
},
{
"last_affected": "34"
}
]
}
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.1"
},
{
"introduced": "1.0.0-rc1"
},
{
"last_affected": "1.0.0-rc1"
},
{
"introduced": "1.0.0-rc10"
},
{
"last_affected": "1.0.0-rc10"
},
{
"introduced": "1.0.0-rc90"
},
{
"last_affected": "1.0.0-rc90"
},
{
"introduced": "1.0.0-rc2"
},
{
"last_affected": "1.0.0-rc2"
},
{
"introduced": "1.0.0-rc3"
},
{
"last_affected": "1.0.0-rc3"
},
{
"introduced": "1.0.0-rc4"
},
{
"last_affected": "1.0.0-rc4"
},
{
"introduced": "1.0.0-rc5"
},
{
"last_affected": "1.0.0-rc5"
},
{
"introduced": "1.0.0-rc6"
},
{
"last_affected": "1.0.0-rc6"
},
{
"introduced": "1.0.0-rc7"
},
{
"last_affected": "1.0.0-rc7"
},
{
"introduced": "1.0.0-rc8"
},
{
"last_affected": "1.0.0-rc8"
},
{
"introduced": "1.0.0-rc9"
},
{
"last_affected": "1.0.0-rc9"
},
{
"introduced": "1.0.0-rc91"
},
{
"last_affected": "1.0.0-rc91"
},
{
"introduced": "1.0.0-rc92"
},
{
"last_affected": "1.0.0-rc92"
},
{
"introduced": "1.0.0-rc93"
},
{
"last_affected": "1.0.0-rc93"
},
{
"introduced": "1.0.0-rc94"
},
{
"last_affected": "1.0.0-rc94"
}
],
"cpe": [
"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc10:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc90:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc9:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc91:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc92:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc93:*:*:*:*:*:*",
"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc94:*:*:*:*:*:*"
]
}