CVE-2020-14298
Published: 13 July 2020
The version of docker released for Red Hat Enterprise Linux 7 Extras via the RHBA-2020:0053 advisory included an incorrect version of runc that was missing the fix for CVE-2019-5736, which had previously been fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Neither earlier nor later versions are affected.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
docker.io (Launchpad, Ubuntu, Debian) | Upstream | Not vulnerable (debian: Red Hat specific regression) |
docker.io | Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (Red Hat specific regression) |
docker.io | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (Red Hat specific regression) |
docker.io | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (Red Hat specific regression) |
docker.io | Ubuntu 16.04 LTS (Xenial Xerus) | Not vulnerable (Red Hat specific regression) |
docker.io | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |