CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5 by prohibiting a symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using untrusted container images.

Weakness: Link Following
Provider   Type  Base Score   Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST       NIST  6.1 MEDIUM   LOCAL        LOW              NONE            CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
GitHub_M   CNA   6.1 MEDIUM   LOCAL        LOW              NONE            CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE        ADP   ---          ---
CISA-ADP   ADP   ---          ---
Vendor           Product  Version
linuxfoundation  runc     x < 1.1.5

x = vulnerable software versions
Debian Releases

Debian Product  Codename             Version                   Status
runc            bullseye             1.0.0~rc93+ds1-5+deb11u5  fixed
runc            bullseye (security)                            vulnerable
runc            bookworm             1.1.5+ds1-1+deb12u1       fixed
runc            bookworm (security)  1.1.5+ds1-1+deb12u1       fixed
runc            sid                  1.1.15+ds1-1              fixed
runc            trixie               1.1.15+ds1-1              fixed
Ubuntu Releases

Ubuntu Product  Codename  Fixed Version                                         Status
runc            lunar     1.1.4-0ubuntu3.1                                      released
runc            kinetic   1.1.4-0ubuntu1~22.10.3                                released
runc            jammy     1.1.4-0ubuntu1~22.04.3                                released
runc            focal     1.1.4-0ubuntu1~20.04.3                                released
runc            bionic    1.1.4-0ubuntu1~18.04.2                                released
runc            xenial    1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4  released
runc            trusty                                                          ignored