#VU74190 Improper access control in runc - CVE-2023-27561
Published: March 30, 2023
Vulnerability identifier: #VU74190
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-27561
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
runc
runc
Software vendor:
Open Container Initiative
Open Container Initiative
Description
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.
Remediation
Install update from vendor's website.
External links
- https://github.com/opencontainers/runc/issues/3751
- https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
- https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://github.com/advisories/GHSA-vpvm-3wq2-2wvm