CVE-2019-19921
runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el archivo libcontainer/rootfs_linux.go. Para explotar esto, un atacante debe ser capaz de generar dos contenedores con configuraciones de montaje de volumen personalizadas y ser capaz de ejecutar imágenes personalizadas. (Esta vulnerabilidad no afecta a Docker debido a un detalle de implementación que bloquea el ataque).
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-22 CVE Reserved
- 2020-02-12 CVE Published
- 2023-04-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-41: Improper Resolution of Path Equivalence
- CWE-706: Use of Incorrectly-Resolved Name or Reference
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| https://github.com/opencontainers/runc/pull/2190 | Issue Tracking | |
| https://github.com/opencontainers/runc/releases | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html | Mailing List |
|
| https://security-tracker.debian.org/tracker/CVE-2019-19921 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/opencontainers/runc/issues/2197 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | <= 0.1.1 Search vendor "Linuxfoundation" for product "Runc" and version " <= 0.1.1" | - |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc1 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc2 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc3 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc4 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc5 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc6 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc7 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc8 |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc9 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.1 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.2 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.2" | - |
Affected
| ||||||