Back to bug 2029439
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-12-06 14:13:07 UTC | Comment | 0 | updated |
| Guilherme de Almeida Suckevicz | 2021-12-06 14:13:24 UTC | Comment | 0 | updated |
| Guilherme de Almeida Suckevicz | 2021-12-06 14:14:11 UTC | Depends On | 2029440, 2029441 | |
| Guilherme de Almeida Suckevicz | 2021-12-06 14:14:35 UTC | Blocks | 2029442 | |
| Przemyslaw Roguski | 2021-12-07 13:54:20 UTC | Fixed In Version | runc 1.0.3 | |
| Przemyslaw Roguski | 2021-12-08 16:00:29 UTC | Severity | medium | low |
| | | Priority | medium | low |
| Przemyslaw Roguski | 2021-12-08 16:31:27 UTC | Doc Text | An integer overflow vulnerability has been found in runc. Due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, an attacker who is able to include a large enough malicious byte array attribute may bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. | |
| Przemyslaw Roguski | 2021-12-08 16:37:05 UTC | Depends On | 2030395 | |
| RaTasha Tillery-Smith | 2021-12-08 17:25:06 UTC | Doc Text | An integer overflow vulnerability has been found in runc. Due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, an attacker who is able to include a large enough malicious byte array attribute may bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. | An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces. |
| Stefan Cornelius | 2021-12-17 14:51:42 UTC | Depends On | 2033660, 2033658, 2033659, 2033657, 2033656 | |
| Florencio Cano | 2021-12-23 13:08:57 UTC | CC | crarobin, jmadigan, ngough, pamccart | |
| Florencio Cano | 2021-12-23 13:10:24 UTC | CC | rfreiman | |
| Florencio Cano | 2021-12-23 13:13:39 UTC | Depends On | 2035281, 2035282 | |
| Red Hat Bugzilla | 2022-01-08 05:27:52 UTC | CC | jokerman | |
| Aditya Soni | 2022-02-03 04:40:47 UTC | CC | adsoni | |
| Red Hat Bugzilla | 2022-02-22 06:37:14 UTC | CC | jnakfour | |
| Red Hat Bugzilla | 2022-05-09 08:30:10 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2022-08-02 19:04:25 UTC | CC | adsoni | |
| Red Hat Bugzilla | 2023-07-07 08:28:46 UTC | Assignee | security-response-team | nobody |