CVE-2016-9962

RunC allowed additional container processes started via 'runc exec' to be ptraced by PID 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during initialization, and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Race Condition
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.4 MEDIUM | LOCAL | HIGH | HIGH | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 23%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| docker | docker | 1.11.0 ≤ 𝑥 < 1.12.6 |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| docker.io | bookworm | 20.10.24+dfsg1-1 | fixed |
| docker.io | bullseye | 20.10.5+dfsg1-1+deb11u2 | fixed |
| docker.io | bullseye (security) | 20.10.5+dfsg1-1+deb11u3 | fixed |
| docker.io | sid | 26.1.5+dfsg1-4 | fixed |
| docker.io | trixie | 26.1.5+dfsg1-2 | fixed |
| runc | bookworm | 1.1.5+ds1-1+deb12u1 | fixed |
| runc | bookworm (security) | 1.1.5+ds1-1+deb12u1 | fixed |
| runc | bullseye | 1.0.0~rc93+ds1-5+deb11u5 | fixed |
| runc | bullseye (security) | 1.0.0~rc93+ds1-5+deb11u3 | fixed |
| runc | sid | 1.1.15+ds1-1 | fixed |
| runc | trixie | 1.1.12+ds1-5.1 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| docker.io | artful | 1.13.1-0ubuntu4 | released |
| docker.io | bionic | 1.13.1-0ubuntu4 | released |
| docker.io | cosmic | 1.13.1-0ubuntu4 | released |
| docker.io | disco | 1.13.1-0ubuntu4 | released |
| docker.io | precise | | dne |
| docker.io | trusty | | dne |
| docker.io | xenial | 1.13.1-0ubuntu1~16.04.1 | released |
| docker.io | yakkety | | ignored |
| docker.io | zesty | 1.13.1-0ubuntu1~17.04.1 | released |
| runc | artful | 1.0.0~rc2+docker1.13.1-0ubuntu1 | released |
| runc | bionic | 1.0.0~rc2+docker1.13.1-0ubuntu1 | released |
| runc | cosmic | 1.0.0~rc2+docker1.13.1-0ubuntu1 | released |
| runc | disco | 1.0.0~rc2+docker1.13.1-0ubuntu1 | released |
| runc | precise | | dne |
| runc | trusty | | dne |
| runc | xenial | | not-affected |
| runc | yakkety | | ignored |
| runc | zesty | 1.0.0~rc2+docker1.12.6-0ubuntu1 | released |
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| containerd | suse enterprise desktop 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd | suse enterprise sap 12 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise sap 12 SP3 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise sap 12 SP4 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise sap 12 SP5 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise sap 15 SP1 | 1.2.2-5.9.1 | fixed |
| containerd | suse enterprise sap 15 SP2 | 1.2.10-5.19.1 | fixed |
| containerd | suse enterprise sap 15 SP3 | 1.3.9-5.29.3 | fixed |
| containerd | suse enterprise sap 15 SP4 | 1.4.12-150000.65.1 | fixed |
| containerd | suse enterprise sap 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd | suse enterprise sap 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd | suse enterprise sap 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd | suse enterprise server 12 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise server 12 SP3 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise server 12 SP4 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise server 12 SP5 | 1.2.2-16.14.2 | fixed |
| containerd | suse enterprise server 15 SP1 | 1.2.2-5.9.1 | fixed |
| containerd | suse enterprise server 15 SP2 | 1.2.10-5.19.1 | fixed |
| containerd | suse enterprise server 15 SP3 | 1.3.9-5.29.3 | fixed |
| containerd | suse enterprise server 15 SP4 | 1.4.12-150000.65.1 | fixed |
| containerd | suse enterprise server 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd | suse enterprise server 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd | suse enterprise server 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd-ctr | suse enterprise sap 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd-ctr | suse enterprise sap 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd-ctr | suse enterprise sap 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd-ctr | suse enterprise server 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd-ctr | suse enterprise server 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd-ctr | suse enterprise server 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd-devel | suse enterprise sap 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd-devel | suse enterprise sap 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd-devel | suse enterprise sap 15 SP7 | 1.7.27-150000.123.1 | fixed |
| containerd-devel | suse enterprise server 15 SP5 | 1.6.19-150000.87.1 | fixed |
| containerd-devel | suse enterprise server 15 SP6 | 1.7.10-150000.108.1 | fixed |
| containerd-devel | suse enterprise server 15 SP7 | 1.7.27-150000.123.1 | fixed |
| runc | suse enterprise desktop 15 SP7 | 1.1.14-150000.70.1 | fixed |
| runc | suse enterprise sap 15 SP4 | 1.0.3-27.1 | fixed |
| runc | suse enterprise sap 15 SP5 | 1.1.5-150000.41.1 | fixed |
| runc | suse enterprise sap 15 SP6 | 1.1.12-150000.64.1 | fixed |
| runc | suse enterprise sap 15 SP7 | 1.1.14-150000.70.1 | fixed |
| runc | suse enterprise server 15 SP4 | 1.0.3-27.1 | fixed |
| runc | suse enterprise server 15 SP5 | 1.1.5-150000.41.1 | fixed |
| runc | suse enterprise server 15 SP6 | 1.1.12-150000.64.1 | fixed |
| runc | suse enterprise server 15 SP7 | 1.1.14-150000.70.1 | fixed |
References