Your submission was sent successfully! Close

CVE-2019-19921

Published: 12 February 2020

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Priority

Medium

CVSS 3 base score: 7.0

Status

Package Release Status
runc
Launchpad, Ubuntu, Debian
bionic
Released (1.0.0~rc10-0ubuntu1~18.04.2)
disco Ignored
(reached end-of-life)
eoan
Released (1.0.0~rc10-0ubuntu1~19.10.2)
focal
Released (1.0.0~rc10-0ubuntu1)
groovy
Released (1.0.0~rc10-0ubuntu1)
hirsute
Released (1.0.0~rc10-0ubuntu1)
impish
Released (1.0.0~rc10-0ubuntu1)
jammy
Released (1.0.0~rc10-0ubuntu1)
precise Does not exist

trusty Does not exist

upstream
Released (1.0.0~rc10)
xenial Ignored
(end of standard support, was needed)