VYPR
High severityNVD Advisory· Published Mar 3, 2023· Updated Dec 16, 2025

CVE-2023-27561

CVE-2023-27561

Description

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/opencontainers/runcGo
>= 1.0.0-rc95, < 1.1.51.1.5

Affected products

69

Patches

Vulnerability mechanics

References

24

News mentions

0

No linked articles in our index yet.