CVE-2019-19921

Priority
Description
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation
of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an
attacker must be able to spawn two containers with custom volume-mount
configurations, and be able to run custom images. (This vulnerability does
not affect Docker due to an implementation detail that happens to block the
attack.)
Notes
Package
Source: runc (LP Ubuntu Debian)
Upstream: released (1.0.0~rc10)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.0~rc10-0ubuntu1~18.04.2)
Ubuntu 20.04 LTS (Focal Fossa): released (1.0.0~rc10-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla): released (1.0.0~rc10-0ubuntu1)
Patches:
Upstream: https://github.com/opencontainers/runc/pull/2207/commits/3291d66b98445bd7f7d02eac7f2bca2ac2c56942
More Information

Updated: 2020-10-24 06:57:57 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)