runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
History
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | | |
27 Mar 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
18 Feb 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
06 Apr 2022, 15:28
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat enterprise Linux Eus, Redhat enterprise Linux Server Tus, Opensuse leap, Canonical ubuntu Linux, Redhat enterprise Linux Server Aus, Fedoraproject fedora, Redhat enterprise Linux, Redhat openshift Container Platform, Redhat, Canonical, Opensuse, Fedoraproject | |
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/ - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:4074 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-21 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220221-0004/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4297-1/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3940 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:4269 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html - Mailing List, Third Party Advisory | |
21 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-09-25 18:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-16884
Mitre link : CVE-2019-16884
CVE.ORG link : CVE-2019-16884
Products Affected
opensuse
- leap
linuxfoundation
- runc
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus
- openshift_container_platform
docker
- docker
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-863
Incorrect Authorization