VYPR
Moderate severityNVD Advisory· Published Mar 29, 2023· Updated Feb 12, 2025

AppArmor bypass with symlinked /proc in runc

CVE-2023-28642

Description

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/opencontainers/runcGo
< 1.1.51.1.5

Affected products

68

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.