rhsa-2023_6380
Vulnerability from csaf_redhat
Published
2023-11-07 08:47
Modified
2024-11-06 04:07
Summary
Red Hat Security Advisory: runc security update
Notes
Topic
An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\n* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)\n\n* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6380", "url": "https://access.redhat.com/errata/RHSA-2023:6380" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index" }, { "category": "external", "summary": "2029439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439" }, { "category": "external", "summary": "2175721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721" }, { "category": "external", "summary": "2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "2182883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883" }, { "category": "external", "summary": "2182884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json" } ], "title": "Red Hat Security Advisory: runc security update", "tracking": { "current_release_date": "2024-11-06T04:07:43+00:00", "generator": { "date": "2024-11-06T04:07:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:6380", "initial_release_date": "2023-11-07T08:47:52+00:00", "revision_history": [ { "date": "2023-11-07T08:47:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-07T08:47:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:07:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "runc-4:1.1.9-1.el9.src", "product": { "name": "runc-4:1.1.9-1.el9.src", "product_id": "runc-4:1.1.9-1.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=src\u0026epoch=4" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "runc-4:1.1.9-1.el9.aarch64", "product": { "name": "runc-4:1.1.9-1.el9.aarch64", "product_id": "runc-4:1.1.9-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=aarch64\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debugsource-4:1.1.9-1.el9.aarch64", "product": { "name": "runc-debugsource-4:1.1.9-1.el9.aarch64", "product_id": "runc-debugsource-4:1.1.9-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=aarch64\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debuginfo-4:1.1.9-1.el9.aarch64", "product": { "name": "runc-debuginfo-4:1.1.9-1.el9.aarch64", "product_id": "runc-debuginfo-4:1.1.9-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=aarch64\u0026epoch=4" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "runc-4:1.1.9-1.el9.ppc64le", "product": { "name": "runc-4:1.1.9-1.el9.ppc64le", "product_id": "runc-4:1.1.9-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=ppc64le\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debugsource-4:1.1.9-1.el9.ppc64le", "product": { "name": "runc-debugsource-4:1.1.9-1.el9.ppc64le", "product_id": "runc-debugsource-4:1.1.9-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=ppc64le\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le", "product": { "name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le", "product_id": "runc-debuginfo-4:1.1.9-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=ppc64le\u0026epoch=4" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "runc-4:1.1.9-1.el9.x86_64", "product": { "name": "runc-4:1.1.9-1.el9.x86_64", "product_id": "runc-4:1.1.9-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=x86_64\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debugsource-4:1.1.9-1.el9.x86_64", "product": { "name": "runc-debugsource-4:1.1.9-1.el9.x86_64", "product_id": "runc-debugsource-4:1.1.9-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=x86_64\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debuginfo-4:1.1.9-1.el9.x86_64", "product": { "name": "runc-debuginfo-4:1.1.9-1.el9.x86_64", "product_id": "runc-debuginfo-4:1.1.9-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=x86_64\u0026epoch=4" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "runc-4:1.1.9-1.el9.s390x", "product": { "name": "runc-4:1.1.9-1.el9.s390x", "product_id": "runc-4:1.1.9-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=s390x\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debugsource-4:1.1.9-1.el9.s390x", "product": { "name": "runc-debugsource-4:1.1.9-1.el9.s390x", "product_id": "runc-debugsource-4:1.1.9-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=s390x\u0026epoch=4" } } }, { "category": "product_version", "name": "runc-debuginfo-4:1.1.9-1.el9.s390x", "product": { "name": "runc-debuginfo-4:1.1.9-1.el9.s390x", "product_id": "runc-debuginfo-4:1.1.9-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=s390x\u0026epoch=4" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "runc-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64" }, "product_reference": "runc-4:1.1.9-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le" }, "product_reference": "runc-4:1.1.9-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x" }, "product_reference": "runc-4:1.1.9-1.el9.s390x", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-4:1.1.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src" }, "product_reference": "runc-4:1.1.9-1.el9.src", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64" }, "product_reference": "runc-4:1.1.9-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64" }, "product_reference": "runc-debuginfo-4:1.1.9-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le" }, "product_reference": "runc-debuginfo-4:1.1.9-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x" }, "product_reference": "runc-debuginfo-4:1.1.9-1.el9.s390x", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64" }, "product_reference": "runc-debuginfo-4:1.1.9-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64" }, "product_reference": "runc-debugsource-4:1.1.9-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le" }, "product_reference": "runc-debugsource-4:1.1.9-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x" }, "product_reference": "runc-debugsource-4:1.1.9-1.el9.s390x", "relates_to_product_reference": "AppStream-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" }, "product_reference": "runc-debugsource-4:1.1.9-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.3.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-43784", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2021-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2029439" } ], "notes": [ { "category": "description", "text": "An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "Before runC 1.0.3, the only user-controlled byte array (used to exploit this vulnerability) was the namespace paths attributes, located in runC\u0027s config.json. Having raw access to that setting would allow the attacker to disable namespace protections entirely. This issue means that in practice, it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes, resulting in the impact of this vulnerability being Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43784" }, { "category": "external", "summary": "RHBZ#2029439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43784", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" } ], "release_date": "2021-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:47:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6380" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration" }, { "cve": "CVE-2022-41724", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178492" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: large handshake records may cause panics", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41724" }, { "category": "external", "summary": "RHBZ#2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724" }, { "category": "external", "summary": "https://go.dev/cl/468125", "url": "https://go.dev/cl/468125" }, { "category": "external", "summary": "https://go.dev/issue/58001", "url": "https://go.dev/issue/58001" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1570", "url": "https://pkg.go.dev/vuln/GO-2023-1570" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:47:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6380" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: large handshake records may cause panics" }, { "cve": "CVE-2023-25809", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2023-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182884" } ], "notes": [ { "category": "description", "text": "A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: Rootless runc makes `/sys/fs/cgroup` writable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25809" }, { "category": "external", "summary": "RHBZ#2182884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17", "url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc", "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc" } ], "release_date": "2023-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:47:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6380" }, { "category": "workaround", "details": "Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.\nCondition 2 (very rare): add /sys/fs/cgroup to maskedPaths", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "runc: Rootless runc makes `/sys/fs/cgroup` writable" }, { "cve": "CVE-2023-27561", "cwe": { "id": "CWE-41", "name": "Improper Resolution of Path Equivalence" }, "discovery_date": "2023-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2175721" } ], "notes": [ { "category": "description", "text": "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: volume mount race condition (regression of CVE-2019-19921)", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in runc, related to Incorrect Access Control in libcontainer/rootfs_linux.go, is classified as a moderate severity issue due to its prerequisites for exploitation and the level of access required by an attacker. To exploit this vulnerability, an attacker must have the capability to spawn two containers with custom volume-mount configurations and execute custom images within these containers. This restricts the attack vector to scenarios where an attacker already has a certain level of access to the container environment. Additionally, the vulnerability leads to an escalation of privileges, potentially allowing an attacker to gain elevated permissions on the host system. While the impact of privilege escalation is significant, the specific conditions required for successful exploitation mitigate the overall severity to moderate. \n\nThis CVE exists because of a CVE-2019-19921 regression.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27561" }, { "category": "external", "summary": "RHBZ#2175721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27561", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561" }, { "category": "external", "summary": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", "url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", "url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/issues/3751", "url": "https://github.com/opencontainers/runc/issues/3751" } ], "release_date": "2023-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:47:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6380" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "runc: volume mount race condition (regression of CVE-2019-19921)" }, { "cve": "CVE-2023-28642", "cwe": { "id": "CWE-305", "name": "Authentication Bypass by Primary Weakness" }, "discovery_date": "2023-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182883" } ], "notes": [ { "category": "description", "text": "A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container\u0027s filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28642" }, { "category": "external", "summary": "RHBZ#2182883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c", "url": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c" } ], "release_date": "2023-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:47:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6380" }, { "category": "workaround", "details": "Avoid using an untrusted container image.", "product_ids": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src", "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x", "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.