|
Vulnerabilities
< Back

CVE-2023-28642

Updated on 29 Mar 2023

Severity

7.8 High severity

Details

CVSS score
7.8
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Details

Affected product:
AlmaLinux 9.2 ESU , Loki , github.com/hashicorp/consul , github.com/influxdata/telegraf , github.com/opencontainers/runc
Affected packages:
github.com/opencontainers/runc @ 0.1.1 (+5 more)
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Fixes