Process Isolation Flaw in rkt Container Runtime by CoreOS
CVE-2019-10144

7HIGH

Key Information:

Vendor: [unknown]
Status: Rkt
Vendor: CVE Published:; 3 June 2019

What is CVE-2019-10144?

The rkt container runtime, up to version 1.30.0, suffers from a process isolation vulnerability that allows processes run via 'rkt enter' to inherit all capabilities in the execution environment. This flaw could potentially enable malicious containers to exploit host resources, leading to unauthorized access and compromise of the host system.

Affected Version(s)

rkt 1.30.0

References

https://www.twistlock.com/labs-blog/breaking-out-of-cores...

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10144

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2019
Vulnerability Reserved
Mar 27, 2019

[unknown]

What is CVE-2019-10144?

Affected Version(s)

References

CVSS V3.1

Timeline