AppArmor bypass with symlinked /proc in runc
CVE-2023-28642
6.1 MEDIUM
Summary
A security issue has been identified in runc, a widely used command-line interface for managing containers according to the OCI specification. The vulnerability arises when the /proc directory within a container is symlinked under specific mount configurations, allowing for a potential AppArmor bypass. To mitigate this risk, the latest version of runc (1.1.5) has introduced measures to prevent symlinked /proc directories. Users are strongly advised to upgrade to this version to enhance their container security. For those unable to apply the update, it is crucial to avoid running container images from untrusted sources.
Affected Version(s)
runc < 1.1.5
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved