Incorrect Access Control in runc 1.0.0-rc9 Allows Privilege Escalation via libcontainer/rootfs_linux.go

CVE-2019-19921 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)