runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XLinuxfoundation Runc
APPLinuxfoundation1.4.0< 1.2.81.3.0 β 1.3.3 (bez)
Related vulnerabilities
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, ...
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 ...
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1....
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/r...
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerab...