Moderate severityNVD Advisory· Published Feb 12, 2020· Updated Aug 5, 2024
CVE-2019-19921
CVE-2019-19921
Description
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/opencontainers/runcGo | < 1.0.0-rc9.0.20200122160610-2fc03cc11c77 | 1.0.0-rc9.0.20200122160610-2fc03cc11c77 |
Affected products
49- runc/runcdescription
- osv-coords48 versionspkg:apk/chainguard/runcpkg:apk/chainguard/runc-docpkg:apk/wolfi/runcpkg:apk/wolfi/runc-docpkg:golang/github.com/opencontainers/runcpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/python-podman-apipkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/docker-runc&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/runc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1
< 0+ 47 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.0-rc9.0.20200122160610-2fc03cc11c77
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.24.6-7.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.24.6-7.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 46-1.module_el8.7.0+3344+5bcd850f
- (no CPE)range: < 2:2.1.4-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.1.1-5.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:2.205.0-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.12-9.module_el8.3.0+2044+12421f43
- (no CPE)range: < 3.12-9.module_el8.4.0+2496+12421f43
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 1.8.3-1.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.9-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 4.4.0-1.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 4.4.0-1.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.5-2.module_el8.8.0+3468+16b86c82
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.12-9.module_el8.3.0+2044+12421f43
- (no CPE)range: < 4.0.0-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 4:1.1.9-1.el9
- (no CPE)range: < 2:1.6.2-8.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1.6.2-8.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.4.2-3.git21fdece.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 0.0.7-1.module_el8.5.0+108+00865455
- (no CPE)range: < 0.0.99.4-5.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.2.1-2.module_el8.5.0+108+00865455
- (no CPE)range: < 1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.15.1
- (no CPE)range: < 1.0.2-1.2
- (no CPE)range: < 1.4.4-16.38.1
- (no CPE)range: < 20.10.6_ce-98.66.1
- (no CPE)range: < 1.0.0rc8+gitr3917_3e425f80a8c9-1.40.1
- (no CPE)range: < 1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
- (no CPE)range: < 1.0.0~rc93-16.8.1
- (no CPE)range: < 1.0.0~rc10-1.9.1
Patches
Vulnerability mechanics
References
27- lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.htmlghsavendor-advisoryWEB
- access.redhat.com/errata/RHSA-2020:0688ghsavendor-advisoryWEB
- access.redhat.com/errata/RHSA-2020:0695ghsavendor-advisoryWEB
- github.com/advisories/GHSA-fh74-hm69-rqjwghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2019-19921ghsaADVISORY
- security.gentoo.org/glsa/202003-21ghsavendor-advisoryWEB
- usn.ubuntu.com/4297-1/mitrevendor-advisory
- github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0ghsaWEB
- github.com/opencontainers/runc/issues/2197ghsaWEB
- github.com/opencontainers/runc/pull/2190ghsaWEB
- github.com/opencontainers/runc/pull/2207ghsaWEB
- github.com/opencontainers/runc/releasesghsaWEB
- github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjwghsaWEB
- lists.debian.org/debian-lts-announce/2023/03/msg00023.htmlghsamailing-listWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STNghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VFghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLDghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZghsaWEB
- pkg.go.dev/vuln/GO-2021-0087ghsaWEB
- security-tracker.debian.org/tracker/CVE-2019-19921ghsaWEB
- usn.ubuntu.com/4297-1ghsaWEB
News mentions
0No linked articles in our index yet.