Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-43784 (GCVE-0-2021-43784)
Vulnerability from cvelistv5 – Published: 2021-12-06 00:00 – Updated: 2024-10-15 17:14
VLAI
EPSS
Title
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration
Summary
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opencontainers | runc |
Affected:
< 1.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:32.113665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:14:20.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T03:06:18.060Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"source": {
"advisory": "GHSA-v95c-p5hm-xq8f",
"discovery": "UNKNOWN"
},
"title": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43784",
"datePublished": "2021-12-06T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-10-15T17:14:20.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-43784",
"date": "2026-06-05",
"epss": "0.00115",
"percentile": "0.29799"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-43784\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-12-06T18:15:08.240\",\"lastModified\":\"2024-11-21T06:29:46.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\"},{\"lang\":\"es\",\"value\":\"runc es una herramienta CLI para generar y ejecutar contenedores en Linux seg\u00fan la especificaci\u00f3n OCI. En runc, netlink es usado internamente como un sistema de serializaci\u00f3n para especificar la configuraci\u00f3n relevante del contenedor a la porci\u00f3n \\\"C\\\" del c\u00f3digo (responsable de la configuraci\u00f3n del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso pod\u00eda provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuraci\u00f3n del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuraci\u00f3n del contenedor y le permitir\u00eda saltarse las restricciones de espacio de nombres del contenedor simplemente a\u00f1adiendo su propia carga \u00fatil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecuci\u00f3n de im\u00e1genes no confiables con configuraciones no confiables en sus m\u00e1quinas (como en el caso de la infraestructura de nube compartida). runc versi\u00f3n 1.0.3 contiene una correcci\u00f3n para este bug. Como soluci\u00f3n, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitir\u00edan al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.3\",\"matchCriteriaId\":\"0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\", \"name\": \"[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:03:08.907Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-43784\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:09:32.113665Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T17:11:06.042Z\"}}], \"cna\": {\"title\": \"Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration\", \"source\": {\"advisory\": \"GHSA-v95c-p5hm-xq8f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"opencontainers\", \"product\": \"runc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\"}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\", \"name\": \"[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-19T03:06:18.060Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-43784\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T17:14:20.240Z\", \"dateReserved\": \"2021-11-16T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2021-12-06T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2021-43784
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-43784",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"id": "GSD-2021-43784",
"references": [
"https://www.suse.com/security/cve/CVE-2021-43784.html",
"https://advisories.mageia.org/CVE-2021-43784.html",
"https://security.archlinux.org/CVE-2021-43784",
"https://packetstormsecurity.com/files/cve/CVE-2021-43784"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-43784"
],
"details": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"id": "GSD-2021-43784",
"modified": "2023-12-13T01:23:26.489370Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43784",
"STATE": "PUBLIC",
"TITLE": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "runc",
"version": {
"version_data": [
{
"version_value": "\u003c 1.0.3"
}
]
}
}
]
},
"vendor_name": "opencontainers"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"refsource": "CONFIRM",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"name": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"name": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"name": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
]
},
"source": {
"advisory": "GHSA-v95c-p5hm-xq8f",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.3",
"affected_versions": "All versions before 1.0.3",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-190",
"CWE-937"
],
"date": "2021-12-08",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"fixed_versions": [
"1.0.3"
],
"identifier": "CVE-2021-43784",
"identifiers": [
"GHSA-v95c-p5hm-xq8f",
"CVE-2021-43784"
],
"not_impacted": "All versions starting from 1.0.3",
"package_slug": "go/github.com/opencontainers/runc",
"pubdate": "2021-12-07",
"solution": "Upgrade to version 1.0.3 or above.",
"title": "Integer Overflow or Wraparound",
"urls": [
"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html",
"https://github.com/advisories/GHSA-v95c-p5hm-xq8f"
],
"uuid": "dbf17836-609e-4c76-a93e-63376347bc45"
},
{
"affected_range": "\u003cv1.0.3",
"affected_versions": "All versions before 1.0.3",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-190",
"CWE-937"
],
"date": "2021-12-08",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc, the encoder does not handle the possibility of an integer overflow in the length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"fixed_versions": [
"v1.0.3"
],
"identifier": "CVE-2021-43784",
"identifiers": [
"CVE-2021-43784",
"GHSA-v95c-p5hm-xq8f"
],
"not_impacted": "",
"package_slug": "go/github.com/opencontainers/runc/libcontainer",
"pubdate": "2021-12-06",
"solution": "Upgrade to version 1.0.3 or above.",
"title": "Integer Overflow or Wraparound",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
],
"uuid": "30f2ef84-bc48-42f8-9b38-ba5ff95f4eac",
"versions": [
{
"commit": {
"sha": "e4bccdbd64361ac5ea8ba90bb8845add78f957a6",
"tags": [
"v1.0.3"
],
"timestamp": "20211203081737"
},
"number": "v1.0.3"
}
]
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
},
{
"lang": "es",
"value": "runc es una herramienta CLI para generar y ejecutar contenedores en Linux seg\u00fan la especificaci\u00f3n OCI. En runc, netlink es usado internamente como un sistema de serializaci\u00f3n para especificar la configuraci\u00f3n relevante del contenedor a la porci\u00f3n \"C\" del c\u00f3digo (responsable de la configuraci\u00f3n del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso pod\u00eda provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuraci\u00f3n del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuraci\u00f3n del contenedor y le permitir\u00eda saltarse las restricciones de espacio de nombres del contenedor simplemente a\u00f1adiendo su propia carga \u00fatil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecuci\u00f3n de im\u00e1genes no confiables con configuraciones no confiables en sus m\u00e1quinas (como en el caso de la infraestructura de nube compartida). runc versi\u00f3n 1.0.3 contiene una correcci\u00f3n para este bug. Como soluci\u00f3n, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitir\u00edan al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug"
}
],
"id": "CVE-2021-43784",
"lastModified": "2024-02-19T03:15:07.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-06T18:15:08.240",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
MSRC_CVE-2021-43784
Vulnerability from csaf_microsoft - Published: 2021-12-02 00:00 - Updated: 2021-12-16 00:00Summary
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.0 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18944-16820 | — | ||
| Unresolved product id: 18945-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-43784 Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-43784.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration",
"tracking": {
"current_release_date": "2021-12-16T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:27:42.946Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-43784",
"initial_release_date": "2021-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-12-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added moby-runc to CBL-Mariner 2.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 moby-runc 1.1.0+azure-2",
"product": {
"name": "\u003ccm1 moby-runc 1.1.0+azure-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 moby-runc 1.1.0+azure-2",
"product": {
"name": "cm1 moby-runc 1.1.0+azure-2",
"product_id": "18944"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-runc 1.1.0-1",
"product": {
"name": "\u003ccbl2 moby-runc 1.1.0-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 moby-runc 1.1.0-1",
"product": {
"name": "cbl2 moby-runc 1.1.0-1",
"product_id": "18945"
}
}
],
"category": "product_name",
"name": "moby-runc"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 moby-runc 1.1.0+azure-2 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 moby-runc 1.1.0+azure-2 as a component of CBL Mariner 1.0",
"product_id": "18944-16820"
},
"product_reference": "18944",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-runc 1.1.0-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-runc 1.1.0-1 as a component of CBL Mariner 2.0",
"product_id": "18945-17086"
},
"product_reference": "18945",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18944-16820",
"18945-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-43784 Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-43784.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-12-08T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2021-12-08T00:00:00.000Z",
"details": "1.1.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
}
]
}
OPENSUSE-SU-2021:1625-1
Vulnerability from csaf_opensuse - Published: 2021-12-26 13:06 - Updated: 2021-12-26 13:06Summary
Security update for runc
Severity
Moderate
Notes
Title of the patch: Security update for runc
Description of the patch: This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-1625
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1625",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1625-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1625-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCIUJE3F5UEWI5TYYL5CQ7SCQZU5V76Q/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1625-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCIUJE3F5UEWI5TYYL5CQ7SCQZU5V76Q/"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-26T13:06:17Z",
"generator": {
"date": "2021-12-26T13:06:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1625-1",
"initial_release_date": "2021-12-26T13:06:17Z",
"revision_history": [
{
"date": "2021-12-26T13:06:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-lp152.2.12.1.x86_64",
"product": {
"name": "runc-1.0.3-lp152.2.12.1.x86_64",
"product_id": "runc-1.0.3-lp152.2.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
},
"product_reference": "runc-1.0.3-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-26T13:06:17Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
OPENSUSE-SU-2021:4171-1
Vulnerability from csaf_opensuse - Published: 2021-12-23 08:55 - Updated: 2021-12-23 08:55Summary
Security update for runc
Severity
Moderate
Notes
Title of the patch: Security update for runc
Description of the patch: This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames: openSUSE-SLE-15.3-2021-4171
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.3-27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-4171",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_4171-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:4171-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6DD7LA7CG2OYZJT2SOA3MHVO7GOW3ANO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:4171-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6DD7LA7CG2OYZJT2SOA3MHVO7GOW3ANO/"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-23T08:55:34Z",
"generator": {
"date": "2021-12-23T08:55:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:4171-1",
"initial_release_date": "2021-12-23T08:55:34Z",
"revision_history": [
{
"date": "2021-12-23T08:55:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.aarch64",
"product": {
"name": "runc-1.0.3-27.1.aarch64",
"product_id": "runc-1.0.3-27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.ppc64le",
"product": {
"name": "runc-1.0.3-27.1.ppc64le",
"product_id": "runc-1.0.3-27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.s390x",
"product": {
"name": "runc-1.0.3-27.1.s390x",
"product_id": "runc-1.0.3-27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.x86_64",
"product": {
"name": "runc-1.0.3-27.1.x86_64",
"product_id": "runc-1.0.3-27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:55:34Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
OPENSUSE-SU-2024:11664-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
runc-1.0.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: runc-1.0.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the runc-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11664
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:runc-1.0.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "runc-1.0.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the runc-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11664",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11664-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "runc-1.0.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11664-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.aarch64",
"product": {
"name": "runc-1.0.3-1.1.aarch64",
"product_id": "runc-1.0.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.ppc64le",
"product": {
"name": "runc-1.0.3-1.1.ppc64le",
"product_id": "runc-1.0.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.s390x",
"product": {
"name": "runc-1.0.3-1.1.s390x",
"product_id": "runc-1.0.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.x86_64",
"product": {
"name": "runc-1.0.3-1.1.x86_64",
"product_id": "runc-1.0.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64"
},
"product_reference": "runc-1.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le"
},
"product_reference": "runc-1.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.s390x"
},
"product_reference": "runc-1.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
},
"product_reference": "runc-1.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
RHSA-2023:6380
Vulnerability from csaf_redhat - Published: 2023-11-07 08:47 - Updated: 2026-06-02 17:39Summary
Red Hat Security Advisory: runc security update
Severity
Moderate
Notes
Topic: An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.
5.0 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.
6.3 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.
7.0 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.
7.8 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\n* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)\n\n* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6380",
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2026-06-02T17:39:53+00:00",
"generator": {
"date": "2026-06-02T17:39:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6380",
"initial_release_date": "2023-11-07T08:47:52+00:00",
"revision_history": [
{
"date": "2023-11-07T08:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:39:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.src",
"product": {
"name": "runc-4:1.1.9-1.el9.src",
"product_id": "runc-4:1.1.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-4:1.1.9-1.el9.aarch64",
"product_id": "runc-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-4:1.1.9-1.el9.x86_64",
"product_id": "runc-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-4:1.1.9-1.el9.s390x",
"product_id": "runc-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_id": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src"
},
"product_reference": "runc-4:1.1.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2029439"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Before runC 1.0.3, the only user-controlled byte array (used to exploit this vulnerability) was the namespace paths attributes, located in runC\u0027s config.json. Having raw access to that setting would allow the attacker to disable namespace protections entirely. This issue means that in practice, it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes, resulting in the impact of this vulnerability being Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "RHBZ#2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
}
],
"release_date": "2021-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2023-25809",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: Rootless runc makes `/sys/fs/cgroup` writable",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25809"
},
{
"category": "external",
"summary": "RHBZ#2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17",
"url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.\nCondition 2 (very rare): add /sys/fs/cgroup to maskedPaths",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: Rootless runc makes `/sys/fs/cgroup` writable"
},
{
"cve": "CVE-2023-27561",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2023-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2175721"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: volume mount race condition (regression of CVE-2019-19921)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in runc, related to Incorrect Access Control in libcontainer/rootfs_linux.go, is classified as a moderate severity issue due to its prerequisites for exploitation and the level of access required by an attacker. To exploit this vulnerability, an attacker must have the capability to spawn two containers with custom volume-mount configurations and execute custom images within these containers. This restricts the attack vector to scenarios where an attacker already has a certain level of access to the container environment. Additionally, the vulnerability leads to an escalation of privileges, potentially allowing an attacker to gain elevated permissions on the host system. While the impact of privilege escalation is significant, the specific conditions required for successful exploitation mitigate the overall severity to moderate. \n\nThis CVE exists because of a CVE-2019-19921 regression.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27561"
},
{
"category": "external",
"summary": "RHBZ#2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561"
},
{
"category": "external",
"summary": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9",
"url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334",
"url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/3751",
"url": "https://github.com/opencontainers/runc/issues/3751"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: volume mount race condition (regression of CVE-2019-19921)"
},
{
"cve": "CVE-2023-28642",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182883"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container\u0027s filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28642"
},
{
"category": "external",
"summary": "RHBZ#2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c",
"url": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Avoid using an untrusted container image.",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration"
}
]
}
SUSE-SU-2021:4059-1
Vulnerability from csaf_suse - Published: 2021-12-14 11:47 - Updated: 2021-12-14 11:47Summary
Security update for runc
Severity
Moderate
Notes
Title of the patch: Security update for runc
Description of the patch: This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames: SUSE-2021-4059,SUSE-SLE-Module-Containers-12-2021-4059
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4059,SUSE-SLE-Module-Containers-12-2021-4059",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4059-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009902.html"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-14T11:47:19Z",
"generator": {
"date": "2021-12-14T11:47:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4059-1",
"initial_release_date": "2021-12-14T11:47:19Z",
"revision_history": [
{
"date": "2021-12-14T11:47:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.aarch64",
"product": {
"name": "runc-1.0.3-16.18.1.aarch64",
"product_id": "runc-1.0.3-16.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.i586",
"product": {
"name": "runc-1.0.3-16.18.1.i586",
"product_id": "runc-1.0.3-16.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.ppc64le",
"product": {
"name": "runc-1.0.3-16.18.1.ppc64le",
"product_id": "runc-1.0.3-16.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.s390x",
"product": {
"name": "runc-1.0.3-16.18.1.s390x",
"product_id": "runc-1.0.3-16.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.x86_64",
"product": {
"name": "runc-1.0.3-16.18.1.x86_64",
"product_id": "runc-1.0.3-16.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le"
},
"product_reference": "runc-1.0.3-16.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x"
},
"product_reference": "runc-1.0.3-16.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
},
"product_reference": "runc-1.0.3-16.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-14T11:47:19Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
SUSE-SU-2021:4171-1
Vulnerability from csaf_suse - Published: 2021-12-23 08:55 - Updated: 2021-12-23 08:55Summary
Security update for runc
Severity
Moderate
Notes
Title of the patch: Security update for runc
Description of the patch: This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames: SUSE-2021-4171,SUSE-SLE-Module-Containers-15-SP2-2021-4171,SUSE-SLE-Module-Containers-15-SP3-2021-4171,SUSE-SUSE-MicroOS-5.0-2021-4171,SUSE-SUSE-MicroOS-5.1-2021-4171,SUSE-Storage-7-2021-4171
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4171,SUSE-SLE-Module-Containers-15-SP2-2021-4171,SUSE-SLE-Module-Containers-15-SP3-2021-4171,SUSE-SUSE-MicroOS-5.0-2021-4171,SUSE-SUSE-MicroOS-5.1-2021-4171,SUSE-Storage-7-2021-4171",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4171-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4171-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214171-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4171-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009939.html"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-23T08:55:23Z",
"generator": {
"date": "2021-12-23T08:55:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4171-1",
"initial_release_date": "2021-12-23T08:55:23Z",
"revision_history": [
{
"date": "2021-12-23T08:55:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.aarch64",
"product": {
"name": "runc-1.0.3-27.1.aarch64",
"product_id": "runc-1.0.3-27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.i586",
"product": {
"name": "runc-1.0.3-27.1.i586",
"product_id": "runc-1.0.3-27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.ppc64le",
"product": {
"name": "runc-1.0.3-27.1.ppc64le",
"product_id": "runc-1.0.3-27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.s390x",
"product": {
"name": "runc-1.0.3-27.1.s390x",
"product_id": "runc-1.0.3-27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.x86_64",
"product": {
"name": "runc-1.0.3-27.1.x86_64",
"product_id": "runc-1.0.3-27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:55:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…