It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809)
It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561)
It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642)
{ "binaries": [ { "binary_version": "1.1.4-0ubuntu1~18.04.2", "binary_name": "golang-github-opencontainers-runc-dev" }, { "binary_version": "1.1.4-0ubuntu1~18.04.2", "binary_name": "runc" } ], "availability": "No subscription required" }
{ "cves_map": { "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-25809" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-27561" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-28642" } ], "ecosystem": "Ubuntu:18.04:LTS" } }
{ "binaries": [ { "binary_version": "1.1.4-0ubuntu1~20.04.3", "binary_name": "golang-github-opencontainers-runc-dev" }, { "binary_version": "1.1.4-0ubuntu1~20.04.3", "binary_name": "runc" } ], "availability": "No subscription required" }
{ "cves_map": { "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-25809" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-27561" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-28642" } ], "ecosystem": "Ubuntu:20.04:LTS" } }
{ "binaries": [ { "binary_version": "1.1.4-0ubuntu1~22.04.3", "binary_name": "golang-github-opencontainers-runc-dev" }, { "binary_version": "1.1.4-0ubuntu1~22.04.3", "binary_name": "runc" } ], "availability": "No subscription required" }
{ "cves_map": { "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-25809" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-27561" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2023-28642" } ], "ecosystem": "Ubuntu:22.04:LTS" } }