Runc Linuxfoundation Runc

stack.watch can notify you when security vulnerabilities are reported in Linuxfoundation Runc. You can add multiple products that you use with Runc to create your own personal software stack watcher.

By the Year

In 2020 there has been 1 vulnerability in Linuxfoundation Runc, with an average score of 7.0 out of ten. Last year Runc had 1 security vulnerability published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.50.

Year | Vulnerabilities | Average Score
2020 | 1 | 7.00
2019 | 1 | 7.50
2018 | 0 | 0.00

It may take a day or so for new Runc vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Linuxfoundation Runc Security Vulnerabilities

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges

CVE-2019-19921 7 - High - February 12, 2020

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Use of Incorrectly-Resolved Name or Reference

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products,

CVE-2019-16884 7.5 - High - September 25, 2019

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

AuthZ