Launchpad.net

CVE 2019-19921

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Related bugs and status

CVE-2019-19921 (Candidate) is related to these bugs:

Bug #1817336: [MIR] runc

Summary				In	Importance	Status
	1817336	[MIR] runc		runc (Ubuntu)	Undecided	Fix Released
	1817336	[MIR] runc		runc-app (Ubuntu)	Undecided	Fix Released

Bug #1863669: update to docker 19.03.6 and runc 1.0.0-rc10

		In	Importance	Status
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	docker.io (Ubuntu)	Undecided	Fix Released
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	runc (Ubuntu)	Undecided	Fix Released
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	docker.io (Ubuntu Eoan)	Undecided	Fix Released
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	runc (Ubuntu Eoan)	Undecided	Fix Released
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	docker.io (Ubuntu Bionic)	Undecided	Fix Released
1863669	update to docker 19.03.6 and runc 1.0.0-rc10	runc (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-19921

Related bugs and status

Related bugs

References