runc <1.1.5: AppArmor /proc Symlink Bypass in Containers
CVE-2023-28642 Published on March 29, 2023

AppArmor bypass with symlinked /proc in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Github Repository NVD

Vulnerability Analysis

CVE-2023-28642 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.


Products Associated with CVE-2023-28642

stack.watch emails you whenever new vulnerabilities are published in Linux Foundation Runc or Canonical Ubuntu Linux. Just hit a watch button to start following.

Linux Foundation Runc
 
Canonical Ubuntu Linux
 

Affected Versions

opencontainers runc Version < 1.1.5 is affected by CVE-2023-28642

Exploit Probability

EPSS
0.01%
Percentile
1.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.