Runc Linux Foundation Runc

Do you want an email whenever new security vulnerabilities are reported in Linux Foundation Runc?

By the Year

In 2021 there have been 1 vulnerability in Linux Foundation Runc with an average score of 8.5 out of ten. Last year Runc had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Runc in 2021 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2021 is greater by 1.50.

Year Vulnerabilities Average Score
2021 1 8.50
2020 1 7.00
2019 2 8.05
2018 0 0.00

It may take a day or so for new Runc vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Runc Security Vulnerabilities

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal

CVE-2021-30465 8.5 - High - May 27, 2021

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

Directory traversal

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go

CVE-2019-19921 7 - High - February 12, 2020

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Use of Incorrectly-Resolved Name or Reference

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products

CVE-2019-16884 7.5 - High - September 25, 2019

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

AuthZ

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access

CVE-2019-5736 8.6 - High - February 11, 2019

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Shell injection

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which

CVE-2016-3697 7.8 - High - June 01, 2016

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Permissions, Privileges, and Access Controls

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse or by Linux Foundation? Click the Watch button to subscribe.

subscribe