By the Year
In 2020 there has been 1 vulnerability in Linuxfoundation Runc, with an average score of 7.0 out of ten. Last year Runc had 1 security vulnerability published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.50.
It may take a day or so for new Runc vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest Linuxfoundation Runc Security Vulnerabilities
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges
7 - High
- February 12, 2020
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Use of Incorrectly-Resolved Name or Reference
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products,
7.5 - High
- September 25, 2019
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.