It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884)
Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges. (CVE-2021-30465)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2", "binary_name": "golang-github-opencontainers-runc-dev" }, { "binary_version": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2", "binary_name": "runc" }, { "binary_version": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2", "binary_name": "runc-dbgsym" } ] }