runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. References: https://github.com/opencontainers/runc/issues/3751 https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
Created cadvisor tracking bugs for this issue: Affects: fedora-all [bug 2175995] Created golang-github-opencontainers-runc tracking bugs for this issue: Affects: fedora-all [bug 2175996] Created origin tracking bugs for this issue: Affects: fedora-all [bug 2175997] Created runc tracking bugs for this issue: Affects: fedora-all [bug 2175994]
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Ironic content for Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6380 https://access.redhat.com/errata/RHSA-2023:6380
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939