Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-43784 (GCVE-0-2021-43784)
Vulnerability from cvelistv5
Published
2021-12-06 00:00
Modified
2024-10-15 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| opencontainers | runc |
Version: < 1.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:32.113665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:14:20.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T03:06:18.060889",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"source": {
"advisory": "GHSA-v95c-p5hm-xq8f",
"discovery": "UNKNOWN"
},
"title": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43784",
"datePublished": "2021-12-06T00:00:00",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-10-15T17:14:20.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-43784\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-12-06T18:15:08.240\",\"lastModified\":\"2024-11-21T06:29:46.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\"},{\"lang\":\"es\",\"value\":\"runc es una herramienta CLI para generar y ejecutar contenedores en Linux seg\u00fan la especificaci\u00f3n OCI. En runc, netlink es usado internamente como un sistema de serializaci\u00f3n para especificar la configuraci\u00f3n relevante del contenedor a la porci\u00f3n \\\"C\\\" del c\u00f3digo (responsable de la configuraci\u00f3n del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso pod\u00eda provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuraci\u00f3n del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuraci\u00f3n del contenedor y le permitir\u00eda saltarse las restricciones de espacio de nombres del contenedor simplemente a\u00f1adiendo su propia carga \u00fatil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecuci\u00f3n de im\u00e1genes no confiables con configuraciones no confiables en sus m\u00e1quinas (como en el caso de la infraestructura de nube compartida). runc versi\u00f3n 1.0.3 contiene una correcci\u00f3n para este bug. Como soluci\u00f3n, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitir\u00edan al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.3\",\"matchCriteriaId\":\"0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\", \"name\": \"[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:03:08.907Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-43784\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:09:32.113665Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T17:11:06.042Z\"}}], \"cna\": {\"title\": \"Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration\", \"source\": {\"advisory\": \"GHSA-v95c-p5hm-xq8f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"opencontainers\", \"product\": \"runc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae\"}, {\"url\": \"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed\"}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html\", \"name\": \"[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-19T03:06:18.060889\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-43784\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T17:14:20.240Z\", \"dateReserved\": \"2021-11-16T00:00:00\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2021-12-06T00:00:00\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0841
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | Cloud Application Business Insights versions 1.1.8.x sans le correctif de sécurité ICABI FixPack 1.1.8.5 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.0.3 | ||
| IBM | N/A | Cloud Application Business Insights versions 1.1.7.x sans le correctif de sécurité ICABI FixPack 1.1.7.10 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.0.3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Application Business Insights versions 1.1.8.x sans le correctif de s\u00e9curit\u00e9 ICABI FixPack 1.1.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Application Business Insights versions 1.1.7.x sans le correctif de s\u00e9curit\u00e9 ICABI FixPack 1.1.7.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2023-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25613"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-39249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39249"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-41993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41993"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2024-23653",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23653"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-23651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23651"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2022-34038",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34038"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-23652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23652"
},
{
"name": "CVE-2024-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3727"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2024-10-04T00:00:00",
"last_revision_date": "2024-10-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0841",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7171677",
"url": "https://www.ibm.com/support/pages/node/7171677"
},
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7171704",
"url": "https://www.ibm.com/support/pages/node/7171704"
}
]
}
CERTFR-2024-AVI-0366
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Assistant | QRadar Assistant versions antérieures à 3.7.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.3 | ||
| IBM | QRadar SIEM | QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
"product": {
"name": "QRadar Assistant",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-31116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2022-31117",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2019-14322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2019-1010083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
},
{
"name": "CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
},
{
"name": "CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"name": "CVE-2016-10745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2018-1000656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
},
{
"name": "CVE-2024-25047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"name": "CVE-2016-10516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
},
{
"name": "CVE-2020-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
},
{
"name": "CVE-2021-45958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
}
],
"initial_release_date": "2024-05-03T00:00:00",
"last_revision_date": "2024-05-03T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0366",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149736"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150045"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149874"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150150"
}
]
}
CERTFR-2025-AVI-0590
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.3.0.x antérieures à 6.3.0.14 | ||
| IBM | Tivoli | Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent version 7.3.0 Fix Pack 4 sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 iFix 03 | ||
| IBM | Db2 | DB2 Data Management Console on CPD versions 4.7.1 antérieures à 4.7.2 | ||
| IBM | Db2 | DB2 Data Management Console versions 3.1.11 à 3.1.13.x antérieures à 3.1.13.1 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.0 sans le dernier correctif de sécurité | ||
| IBM | Tivoli | Tivoli Composite Application Manager for Application Diagnostics version 7.1.0 sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.4.0.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Hybrid Edition versions 5.1 sans le correctif de sécurité PH66674 | ||
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.2.0.x antérieures à 6.2.0.28 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.14",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent version 7.3.0 Fix Pack 4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 03",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions 4.7.1 ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.11 \u00e0 3.1.13.x ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Composite Application Manager for Application Diagnostics version 7.1.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition versions 5.1 sans le correctif de s\u00e9curit\u00e9 PH66674",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2025-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
}
],
"initial_release_date": "2025-07-11T00:00:00",
"last_revision_date": "2025-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0590",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239103",
"url": "https://www.ibm.com/support/pages/node/7239103"
},
{
"published_at": "2025-07-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239009",
"url": "https://www.ibm.com/support/pages/node/7239009"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239143",
"url": "https://www.ibm.com/support/pages/node/7239143"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239362",
"url": "https://www.ibm.com/support/pages/node/7239362"
},
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239476",
"url": "https://www.ibm.com/support/pages/node/7239476"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239247",
"url": "https://www.ibm.com/support/pages/node/7239247"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239178",
"url": "https://www.ibm.com/support/pages/node/7239178"
},
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239475",
"url": "https://www.ibm.com/support/pages/node/7239475"
}
]
}
CERTFR-2024-AVI-0350
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.0.x, migrer sur une version corrigée | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.24 | ||
| IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à 4.8.4 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.23 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de sécurité | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.7 | ||
| IBM | N/A | Db2 on Cloud Pak for Data versions antérieures à 4.8.4 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.0.x, migrer sur une version corrig\u00e9e",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.24",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"name": "CVE-2017-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11468"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2023-29827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29827"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
}
],
"initial_release_date": "2024-04-26T00:00:00",
"last_revision_date": "2024-04-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0350",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148847 du 19 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148847"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149294 du 23 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149294"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149055 du 22 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149055"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149195 du 23 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149195"
}
]
}
CERTFR-2022-AVI-591
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus versions antérieures à 10.1.11 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions antérieures à 8.1.1.15 | ||
| IBM | N/A | IBM® Db2® et Db2 Warehouse® sur Cloud Pak for Data versions antérieures à 4.5.0 | ||
| IBM | Db2 | IBM® Db2® sur Openshift versions antérieures à 11.5.7.0-cn5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions ant\u00e9rieures \u00e0 8.1.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae et Db2 Warehouse\u00ae sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae sur Openshift versions ant\u00e9rieures \u00e0 11.5.7.0-cn5",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29368",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
},
{
"name": "CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"name": "CVE-2018-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
},
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2019-11249",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11249"
},
{
"name": "CVE-2020-8557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8557"
},
{
"name": "CVE-2020-7919",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7919"
},
{
"name": "CVE-2019-11247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11247"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-42248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
},
{
"name": "CVE-2018-1002105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-15112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15112"
},
{
"name": "CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"name": "CVE-2021-25736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25736"
},
{
"name": "CVE-2020-27813",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
},
{
"name": "CVE-2018-17848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17848"
},
{
"name": "CVE-2019-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16884"
},
{
"name": "CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2021-25735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25735"
},
{
"name": "CVE-2017-18367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18367"
},
{
"name": "CVE-2020-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8564"
},
{
"name": "CVE-2021-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
},
{
"name": "CVE-2019-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11246"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2018-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1098"
},
{
"name": "CVE-2021-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
},
{
"name": "CVE-2019-11254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2020-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8551"
},
{
"name": "CVE-2017-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1002101"
},
{
"name": "CVE-2021-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
},
{
"name": "CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2021-20321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
},
{
"name": "CVE-2018-17142",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17142"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2020-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8552"
},
{
"name": "CVE-2021-20269",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
},
{
"name": "CVE-2020-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8554"
},
{
"name": "CVE-2019-11252",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2020-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8559"
},
{
"name": "CVE-2020-10752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10752"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2020-15113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15113"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2018-17847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17847"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2020-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8555"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2018-17143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17143"
},
{
"name": "CVE-2019-11841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11841"
},
{
"name": "CVE-2018-20699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20699"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"name": "CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"name": "CVE-2019-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1002101"
},
{
"name": "CVE-2021-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38201"
},
{
"name": "CVE-2021-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21781"
},
{
"name": "CVE-2022-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0850"
},
{
"name": "CVE-2021-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3538"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2021-25737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25737"
},
{
"name": "CVE-2018-17846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17846"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2021-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25741"
},
{
"name": "CVE-2018-16886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"name": "CVE-2019-11840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11840"
},
{
"name": "CVE-2019-11251",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11251"
},
{
"name": "CVE-2020-36067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36067"
}
],
"initial_release_date": "2022-06-30T00:00:00",
"last_revision_date": "2022-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-591",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596399 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596399"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596971 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6599703 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6599703"
}
]
}
opensuse-su-2021:4171-1
Vulnerability from csaf_opensuse
Published
2021-12-23 08:55
Modified
2021-12-23 08:55
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames
openSUSE-SLE-15.3-2021-4171
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-4171",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_4171-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:4171-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6DD7LA7CG2OYZJT2SOA3MHVO7GOW3ANO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:4171-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6DD7LA7CG2OYZJT2SOA3MHVO7GOW3ANO/"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-23T08:55:34Z",
"generator": {
"date": "2021-12-23T08:55:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:4171-1",
"initial_release_date": "2021-12-23T08:55:34Z",
"revision_history": [
{
"date": "2021-12-23T08:55:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.aarch64",
"product": {
"name": "runc-1.0.3-27.1.aarch64",
"product_id": "runc-1.0.3-27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.ppc64le",
"product": {
"name": "runc-1.0.3-27.1.ppc64le",
"product_id": "runc-1.0.3-27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.s390x",
"product": {
"name": "runc-1.0.3-27.1.s390x",
"product_id": "runc-1.0.3-27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.x86_64",
"product": {
"name": "runc-1.0.3-27.1.x86_64",
"product_id": "runc-1.0.3-27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:runc-1.0.3-27.1.aarch64",
"openSUSE Leap 15.3:runc-1.0.3-27.1.ppc64le",
"openSUSE Leap 15.3:runc-1.0.3-27.1.s390x",
"openSUSE Leap 15.3:runc-1.0.3-27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:55:34Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
opensuse-su-2024:11664-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
runc-1.0.3-1.1 on GA media
Notes
Title of the patch
runc-1.0.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the runc-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11664
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "runc-1.0.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the runc-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11664",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11664-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "runc-1.0.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11664-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.aarch64",
"product": {
"name": "runc-1.0.3-1.1.aarch64",
"product_id": "runc-1.0.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.ppc64le",
"product": {
"name": "runc-1.0.3-1.1.ppc64le",
"product_id": "runc-1.0.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.s390x",
"product": {
"name": "runc-1.0.3-1.1.s390x",
"product_id": "runc-1.0.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-1.1.x86_64",
"product": {
"name": "runc-1.0.3-1.1.x86_64",
"product_id": "runc-1.0.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64"
},
"product_reference": "runc-1.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le"
},
"product_reference": "runc-1.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.s390x"
},
"product_reference": "runc-1.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
},
"product_reference": "runc-1.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.3-1.1.aarch64",
"openSUSE Tumbleweed:runc-1.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:runc-1.0.3-1.1.s390x",
"openSUSE Tumbleweed:runc-1.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
opensuse-su-2021:1625-1
Vulnerability from csaf_opensuse
Published
2021-12-26 13:06
Modified
2021-12-26 13:06
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-1625
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1625",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1625-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1625-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCIUJE3F5UEWI5TYYL5CQ7SCQZU5V76Q/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1625-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCIUJE3F5UEWI5TYYL5CQ7SCQZU5V76Q/"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-26T13:06:17Z",
"generator": {
"date": "2021-12-26T13:06:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1625-1",
"initial_release_date": "2021-12-26T13:06:17Z",
"revision_history": [
{
"date": "2021-12-26T13:06:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-lp152.2.12.1.x86_64",
"product": {
"name": "runc-1.0.3-lp152.2.12.1.x86_64",
"product_id": "runc-1.0.3-lp152.2.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
},
"product_reference": "runc-1.0.3-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:runc-1.0.3-lp152.2.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-26T13:06:17Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
rhsa-2023_6380
Vulnerability from csaf_redhat
Published
2023-11-07 08:47
Modified
2025-01-06 19:33
Summary
Red Hat Security Advisory: runc security update
Notes
Topic
An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\n* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)\n\n* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6380",
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2025-01-06T19:33:38+00:00",
"generator": {
"date": "2025-01-06T19:33:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.5"
}
},
"id": "RHSA-2023:6380",
"initial_release_date": "2023-11-07T08:47:52+00:00",
"revision_history": [
{
"date": "2023-11-07T08:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-06T19:33:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.src",
"product": {
"name": "runc-4:1.1.9-1.el9.src",
"product_id": "runc-4:1.1.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-4:1.1.9-1.el9.aarch64",
"product_id": "runc-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-4:1.1.9-1.el9.x86_64",
"product_id": "runc-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-4:1.1.9-1.el9.s390x",
"product_id": "runc-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_id": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src"
},
"product_reference": "runc-4:1.1.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2029439"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Before runC 1.0.3, the only user-controlled byte array (used to exploit this vulnerability) was the namespace paths attributes, located in runC\u0027s config.json. Having raw access to that setting would allow the attacker to disable namespace protections entirely. This issue means that in practice, it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes, resulting in the impact of this vulnerability being Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "RHBZ#2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
}
],
"release_date": "2021-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2023-25809",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: Rootless runc makes `/sys/fs/cgroup` writable",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25809"
},
{
"category": "external",
"summary": "RHBZ#2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17",
"url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.\nCondition 2 (very rare): add /sys/fs/cgroup to maskedPaths",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: Rootless runc makes `/sys/fs/cgroup` writable"
},
{
"cve": "CVE-2023-27561",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2023-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2175721"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: volume mount race condition (regression of CVE-2019-19921)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in runc, related to Incorrect Access Control in libcontainer/rootfs_linux.go, is classified as a moderate severity issue due to its prerequisites for exploitation and the level of access required by an attacker. To exploit this vulnerability, an attacker must have the capability to spawn two containers with custom volume-mount configurations and execute custom images within these containers. This restricts the attack vector to scenarios where an attacker already has a certain level of access to the container environment. Additionally, the vulnerability leads to an escalation of privileges, potentially allowing an attacker to gain elevated permissions on the host system. While the impact of privilege escalation is significant, the specific conditions required for successful exploitation mitigate the overall severity to moderate. \n\nThis CVE exists because of a CVE-2019-19921 regression.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27561"
},
{
"category": "external",
"summary": "RHBZ#2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561"
},
{
"category": "external",
"summary": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9",
"url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334",
"url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/3751",
"url": "https://github.com/opencontainers/runc/issues/3751"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: volume mount race condition (regression of CVE-2019-19921)"
},
{
"cve": "CVE-2023-28642",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182883"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container\u0027s filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28642"
},
{
"category": "external",
"summary": "RHBZ#2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c",
"url": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Avoid using an untrusted container image.",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration"
}
]
}
RHSA-2023:6380
Vulnerability from csaf_redhat
Published
2023-11-07 08:47
Modified
2025-10-10 02:08
Summary
Red Hat Security Advisory: runc security update
Notes
Topic
An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\n* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)\n\n* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6380",
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2025-10-10T02:08:40+00:00",
"generator": {
"date": "2025-10-10T02:08:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2023:6380",
"initial_release_date": "2023-11-07T08:47:52+00:00",
"revision_history": [
{
"date": "2023-11-07T08:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T02:08:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.src",
"product": {
"name": "runc-4:1.1.9-1.el9.src",
"product_id": "runc-4:1.1.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-4:1.1.9-1.el9.aarch64",
"product_id": "runc-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-4:1.1.9-1.el9.x86_64",
"product_id": "runc-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-4:1.1.9-1.el9.s390x",
"product_id": "runc-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_id": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src"
},
"product_reference": "runc-4:1.1.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2029439"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Before runC 1.0.3, the only user-controlled byte array (used to exploit this vulnerability) was the namespace paths attributes, located in runC\u0027s config.json. Having raw access to that setting would allow the attacker to disable namespace protections entirely. This issue means that in practice, it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes, resulting in the impact of this vulnerability being Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "RHBZ#2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
}
],
"release_date": "2021-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2023-25809",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: Rootless runc makes `/sys/fs/cgroup` writable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-276: Incorrect Default Permissions vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess enforcement ensures that only authorized users can access system resources, reducing the risk of exploited default permissions. Remote access controls further limit exposure by blocking unauthorized external access, preventing attackers from leveraging misconfigured permissions. Baseline and configuration setting controls enforce secure defaults, reducing the likelihood of weak permissions at deployment. Access restrictions for change ensure only authorized personnel can modify system configurations, preventing accidental or malicious security weaknesses. Together, these controls mitigate the risk of unauthorized access, privilege escalation, and exploitation of insecure default permissions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25809"
},
{
"category": "external",
"summary": "RHBZ#2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17",
"url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.\nCondition 2 (very rare): add /sys/fs/cgroup to maskedPaths",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: Rootless runc makes `/sys/fs/cgroup` writable"
},
{
"cve": "CVE-2023-27561",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2023-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2175721"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: volume mount race condition (regression of CVE-2019-19921)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in runc, related to Incorrect Access Control in libcontainer/rootfs_linux.go, is classified as a moderate severity issue due to its prerequisites for exploitation and the level of access required by an attacker. To exploit this vulnerability, an attacker must have the capability to spawn two containers with custom volume-mount configurations and execute custom images within these containers. This restricts the attack vector to scenarios where an attacker already has a certain level of access to the container environment. Additionally, the vulnerability leads to an escalation of privileges, potentially allowing an attacker to gain elevated permissions on the host system. While the impact of privilege escalation is significant, the specific conditions required for successful exploitation mitigate the overall severity to moderate. \n\nThis CVE exists because of a CVE-2019-19921 regression.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27561"
},
{
"category": "external",
"summary": "RHBZ#2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561"
},
{
"category": "external",
"summary": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9",
"url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334",
"url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/3751",
"url": "https://github.com/opencontainers/runc/issues/3751"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: volume mount race condition (regression of CVE-2019-19921)"
},
{
"cve": "CVE-2023-28642",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182883"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container\u0027s filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28642"
},
{
"category": "external",
"summary": "RHBZ#2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c",
"url": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Avoid using an untrusted container image.",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration"
}
]
}
rhsa-2023:6380
Vulnerability from csaf_redhat
Published
2023-11-07 08:47
Modified
2025-10-10 02:08
Summary
Red Hat Security Advisory: runc security update
Notes
Topic
An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\n* runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)\n\n* runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6380",
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2025-10-10T02:08:40+00:00",
"generator": {
"date": "2025-10-10T02:08:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2023:6380",
"initial_release_date": "2023-11-07T08:47:52+00:00",
"revision_history": [
{
"date": "2023-11-07T08:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T02:08:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.src",
"product": {
"name": "runc-4:1.1.9-1.el9.src",
"product_id": "runc-4:1.1.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-4:1.1.9-1.el9.aarch64",
"product_id": "runc-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-4:1.1.9-1.el9.x86_64",
"product_id": "runc-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-4:1.1.9-1.el9.s390x",
"product_id": "runc-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_id": "runc-debugsource-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_id": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.1.9-1.el9?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src"
},
"product_reference": "runc-4:1.1.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.1.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.1.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2029439"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Before runC 1.0.3, the only user-controlled byte array (used to exploit this vulnerability) was the namespace paths attributes, located in runC\u0027s config.json. Having raw access to that setting would allow the attacker to disable namespace protections entirely. This issue means that in practice, it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes, resulting in the impact of this vulnerability being Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "RHBZ#2029439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
}
],
"release_date": "2021-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2023-25809",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: Rootless runc makes `/sys/fs/cgroup` writable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-276: Incorrect Default Permissions vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess enforcement ensures that only authorized users can access system resources, reducing the risk of exploited default permissions. Remote access controls further limit exposure by blocking unauthorized external access, preventing attackers from leveraging misconfigured permissions. Baseline and configuration setting controls enforce secure defaults, reducing the likelihood of weak permissions at deployment. Access restrictions for change ensure only authorized personnel can modify system configurations, preventing accidental or malicious security weaknesses. Together, these controls mitigate the risk of unauthorized access, privilege escalation, and exploitation of insecure default permissions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25809"
},
{
"category": "external",
"summary": "RHBZ#2182884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17",
"url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.\nCondition 2 (very rare): add /sys/fs/cgroup to maskedPaths",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: Rootless runc makes `/sys/fs/cgroup` writable"
},
{
"cve": "CVE-2023-27561",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2023-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2175721"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: volume mount race condition (regression of CVE-2019-19921)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in runc, related to Incorrect Access Control in libcontainer/rootfs_linux.go, is classified as a moderate severity issue due to its prerequisites for exploitation and the level of access required by an attacker. To exploit this vulnerability, an attacker must have the capability to spawn two containers with custom volume-mount configurations and execute custom images within these containers. This restricts the attack vector to scenarios where an attacker already has a certain level of access to the container environment. Additionally, the vulnerability leads to an escalation of privileges, potentially allowing an attacker to gain elevated permissions on the host system. While the impact of privilege escalation is significant, the specific conditions required for successful exploitation mitigate the overall severity to moderate. \n\nThis CVE exists because of a CVE-2019-19921 regression.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27561"
},
{
"category": "external",
"summary": "RHBZ#2175721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175721"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561"
},
{
"category": "external",
"summary": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9",
"url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334",
"url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/issues/3751",
"url": "https://github.com/opencontainers/runc/issues/3751"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: volume mount race condition (regression of CVE-2019-19921)"
},
{
"cve": "CVE-2023-28642",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182883"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container\u0027s filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28642"
},
{
"category": "external",
"summary": "RHBZ#2182883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c",
"url": "https://github.com/advisories/GHSA-g2j6-57v7-gm8c"
}
],
"release_date": "2023-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6380"
},
{
"category": "workaround",
"details": "Avoid using an untrusted container image.",
"product_ids": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.src",
"AppStream-9.3.0.GA:runc-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debuginfo-4:1.1.9-1.el9.x86_64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.aarch64",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.ppc64le",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.s390x",
"AppStream-9.3.0.GA:runc-debugsource-4:1.1.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration"
}
]
}
ghsa-v95c-p5hm-xq8f
Vulnerability from github
Published
2021-12-07 21:22
Modified
2024-05-31 17:47
Severity ?
VLAI Severity ?
Summary
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Details
Impact
In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration.
This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces.
Prior to 9c444070ec7bb83995dbc0185da68284da71c554, in practice it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes. The only user-controlled byte array was the namespace paths attributes which can be specified in runc's config.json, but as far as we can tell no container runtime gives raw access to that configuration setting -- and having raw access to that setting would allow the attacker to disable namespace protections entirely anyway (setting them to /proc/1/ns/... for instance). In addition, each namespace path is limited to 4096 bytes (with only 7 namespaces supported by runc at the moment) meaning that even with custom namespace paths it appears an attacker still cannot shove enough bytes into the netlink bytemsg in order to overflow the uint16 counter.
However, out of an abundance of caution (given how old this bug is) we decided to treat it as a potentially exploitable vulnerability with a low severity. After 9c444070ec7bb83995dbc0185da68284da71c554 (which was not present in any release of runc prior to the discovery of this bug), all mount paths are included as a giant netlink message which means that this bug becomes significantly more exploitable in more reasonable threat scenarios.
The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure), though as mentioned above it appears this bug was not practically exploitable on any released version of runc to date.
Patches
The patch for this is d72d057ba794164c3cce9451a00b72a78b25e1ae and runc 1.0.3 was released with this bug fixed.
Workarounds
To the extent this is exploitable, disallowing untrusted namespace paths in container configuration should eliminate all practical ways of exploiting this bug. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
References
- commit d72d057ba794 ("runc init: avoid netlink message length overflows")
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
Credits
Thanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability. In particular, the fact they found this vulnerability so quickly, before we made a 1.1 release of runc (which would've been vulnerable) was quite impressive.
For more information
If you have any questions or comments about this advisory: * Open an issue in our repo
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/opencontainers/runc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43784"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2021-12-06T22:09:36Z",
"nvd_published_at": "2021-12-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIn runc, [netlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration.\n\nThis vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces.\n\nPrior to 9c444070ec7bb83995dbc0185da68284da71c554, in practice it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes. The only user-controlled byte array was the namespace paths attributes which can be specified in runc\u0027s `config.json`, but as far as we can tell no container runtime gives raw access to that configuration setting -- and having raw access to that setting **would allow the attacker to disable namespace protections entirely anyway** (setting them to `/proc/1/ns/...` for instance). In addition, each namespace path is limited to 4096 bytes (with only 7 namespaces supported by runc at the moment) meaning that even with custom namespace paths it appears an attacker still cannot shove enough bytes into the netlink bytemsg in order to overflow the uint16 counter.\n\nHowever, out of an abundance of caution (given how old this bug is) we decided to treat it as a potentially exploitable vulnerability with a low severity. After 9c444070ec7bb83995dbc0185da68284da71c554 (which was not present in any release of runc prior to the discovery of this bug), all mount paths are included as a giant netlink message which means that this bug becomes significantly more exploitable in more reasonable threat scenarios.\n\nThe main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure), though as mentioned above it appears this bug was not practically exploitable on any released version of runc to date.\n\n### Patches\nThe patch for this is d72d057ba794164c3cce9451a00b72a78b25e1ae and runc 1.0.3 was released with this bug fixed.\n\n### Workarounds\nTo the extent this is exploitable, disallowing untrusted namespace paths in container configuration should eliminate all practical ways of exploiting this bug. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\n\n### References\n* commit d72d057ba794 (\"runc init: avoid netlink message length overflows\")\n* https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\n\n### Credits\nThanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability. In particular, the fact they found this vulnerability so quickly, before we made a 1.1 release of runc (which would\u0027ve been vulnerable) was quite impressive.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/opencontainers/runc)\n",
"id": "GHSA-v95c-p5hm-xq8f",
"modified": "2024-05-31T17:47:57Z",
"published": "2021-12-07T21:22:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"type": "PACKAGE",
"url": "https://github.com/opencontainers/runc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0274"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC"
}
gsd-2021-43784
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-43784",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"id": "GSD-2021-43784",
"references": [
"https://www.suse.com/security/cve/CVE-2021-43784.html",
"https://advisories.mageia.org/CVE-2021-43784.html",
"https://security.archlinux.org/CVE-2021-43784",
"https://packetstormsecurity.com/files/cve/CVE-2021-43784"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-43784"
],
"details": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"id": "GSD-2021-43784",
"modified": "2023-12-13T01:23:26.489370Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43784",
"STATE": "PUBLIC",
"TITLE": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "runc",
"version": {
"version_data": [
{
"version_value": "\u003c 1.0.3"
}
]
}
}
]
},
"vendor_name": "opencontainers"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"refsource": "CONFIRM",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"name": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"name": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"name": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"refsource": "MISC",
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2841-1] runc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"name": "[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
]
},
"source": {
"advisory": "GHSA-v95c-p5hm-xq8f",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.3",
"affected_versions": "All versions before 1.0.3",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-190",
"CWE-937"
],
"date": "2021-12-08",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"fixed_versions": [
"1.0.3"
],
"identifier": "CVE-2021-43784",
"identifiers": [
"GHSA-v95c-p5hm-xq8f",
"CVE-2021-43784"
],
"not_impacted": "All versions starting from 1.0.3",
"package_slug": "go/github.com/opencontainers/runc",
"pubdate": "2021-12-07",
"solution": "Upgrade to version 1.0.3 or above.",
"title": "Integer Overflow or Wraparound",
"urls": [
"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html",
"https://github.com/advisories/GHSA-v95c-p5hm-xq8f"
],
"uuid": "dbf17836-609e-4c76-a93e-63376347bc45"
},
{
"affected_range": "\u003cv1.0.3",
"affected_versions": "All versions before 1.0.3",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-190",
"CWE-937"
],
"date": "2021-12-08",
"description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc, the encoder does not handle the possibility of an integer overflow in the length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"fixed_versions": [
"v1.0.3"
],
"identifier": "CVE-2021-43784",
"identifiers": [
"CVE-2021-43784",
"GHSA-v95c-p5hm-xq8f"
],
"not_impacted": "",
"package_slug": "go/github.com/opencontainers/runc/libcontainer",
"pubdate": "2021-12-06",
"solution": "Upgrade to version 1.0.3 or above.",
"title": "Integer Overflow or Wraparound",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-43784",
"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae",
"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554",
"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed",
"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241",
"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
],
"uuid": "30f2ef84-bc48-42f8-9b38-ba5ff95f4eac",
"versions": [
{
"commit": {
"sha": "e4bccdbd64361ac5ea8ba90bb8845add78f957a6",
"tags": [
"v1.0.3"
],
"timestamp": "20211203081737"
},
"number": "v1.0.3"
}
]
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
},
{
"lang": "es",
"value": "runc es una herramienta CLI para generar y ejecutar contenedores en Linux seg\u00fan la especificaci\u00f3n OCI. En runc, netlink es usado internamente como un sistema de serializaci\u00f3n para especificar la configuraci\u00f3n relevante del contenedor a la porci\u00f3n \"C\" del c\u00f3digo (responsable de la configuraci\u00f3n del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso pod\u00eda provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuraci\u00f3n del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuraci\u00f3n del contenedor y le permitir\u00eda saltarse las restricciones de espacio de nombres del contenedor simplemente a\u00f1adiendo su propia carga \u00fatil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecuci\u00f3n de im\u00e1genes no confiables con configuraciones no confiables en sus m\u00e1quinas (como en el caso de la infraestructura de nube compartida). runc versi\u00f3n 1.0.3 contiene una correcci\u00f3n para este bug. Como soluci\u00f3n, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitir\u00edan al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug"
}
],
"id": "CVE-2021-43784",
"lastModified": "2024-02-19T03:15:07.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-06T18:15:08.240",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
fkie_cve-2021-43784
Vulnerability from fkie_nvd
Published
2021-12-06 18:15
Modified
2024-11-21 06:29
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://bugs.chromium.org/p/project-zero/issues/detail?id=2241 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f | Patch, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html | Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=2241 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | runc | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."
},
{
"lang": "es",
"value": "runc es una herramienta CLI para generar y ejecutar contenedores en Linux seg\u00fan la especificaci\u00f3n OCI. En runc, netlink es usado internamente como un sistema de serializaci\u00f3n para especificar la configuraci\u00f3n relevante del contenedor a la porci\u00f3n \"C\" del c\u00f3digo (responsable de la configuraci\u00f3n del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso pod\u00eda provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuraci\u00f3n del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuraci\u00f3n del contenedor y le permitir\u00eda saltarse las restricciones de espacio de nombres del contenedor simplemente a\u00f1adiendo su propia carga \u00fatil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecuci\u00f3n de im\u00e1genes no confiables con configuraciones no confiables en sus m\u00e1quinas (como en el caso de la infraestructura de nube compartida). runc versi\u00f3n 1.0.3 contiene una correcci\u00f3n para este bug. Como soluci\u00f3n, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitir\u00edan al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug"
}
],
"id": "CVE-2021-43784",
"lastModified": "2024-11-21T06:29:46.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-06T18:15:08.240",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
suse-su-2021:4171-1
Vulnerability from csaf_suse
Published
2021-12-23 08:55
Modified
2021-12-23 08:55
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames
SUSE-2021-4171,SUSE-SLE-Module-Containers-15-SP2-2021-4171,SUSE-SLE-Module-Containers-15-SP3-2021-4171,SUSE-SUSE-MicroOS-5.0-2021-4171,SUSE-SUSE-MicroOS-5.1-2021-4171,SUSE-Storage-7-2021-4171
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4171,SUSE-SLE-Module-Containers-15-SP2-2021-4171,SUSE-SLE-Module-Containers-15-SP3-2021-4171,SUSE-SUSE-MicroOS-5.0-2021-4171,SUSE-SUSE-MicroOS-5.1-2021-4171,SUSE-Storage-7-2021-4171",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4171-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4171-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214171-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4171-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009939.html"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-23T08:55:23Z",
"generator": {
"date": "2021-12-23T08:55:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4171-1",
"initial_release_date": "2021-12-23T08:55:23Z",
"revision_history": [
{
"date": "2021-12-23T08:55:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.aarch64",
"product": {
"name": "runc-1.0.3-27.1.aarch64",
"product_id": "runc-1.0.3-27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.i586",
"product": {
"name": "runc-1.0.3-27.1.i586",
"product_id": "runc-1.0.3-27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.ppc64le",
"product": {
"name": "runc-1.0.3-27.1.ppc64le",
"product_id": "runc-1.0.3-27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.s390x",
"product": {
"name": "runc-1.0.3-27.1.s390x",
"product_id": "runc-1.0.3-27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-27.1.x86_64",
"product": {
"name": "runc-1.0.3-27.1.x86_64",
"product_id": "runc-1.0.3-27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le"
},
"product_reference": "runc-1.0.3-27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x"
},
"product_reference": "runc-1.0.3-27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64"
},
"product_reference": "runc-1.0.3-27.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-27.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64"
},
"product_reference": "runc-1.0.3-27.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.aarch64",
"SUSE Enterprise Storage 7:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Micro 5.1:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.3-27.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.3-27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:55:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
suse-su-2021:4059-1
Vulnerability from csaf_suse
Published
2021-12-14 11:47
Modified
2021-12-14 11:47
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
Patchnames
SUSE-2021-4059,SUSE-SLE-Module-Containers-12-2021-4059
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.0.3. \n \n* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage\n of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)\n* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.\n* Fixed inability to start when read-only /dev in set in spec.\n* Fixed not removing sub-cgroups upon container delete, when rootless cgroup\n v2 is used with older systemd.\n* Fixed returning error from GetStats when hugetlb is unsupported (which\n causes excessive logging for kubernetes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4059,SUSE-SLE-Module-Containers-12-2021-4059",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4059-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009902.html"
},
{
"category": "self",
"summary": "SUSE Bug 1193436",
"url": "https://bugzilla.suse.com/1193436"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43784 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43784/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2021-12-14T11:47:19Z",
"generator": {
"date": "2021-12-14T11:47:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4059-1",
"initial_release_date": "2021-12-14T11:47:19Z",
"revision_history": [
{
"date": "2021-12-14T11:47:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.aarch64",
"product": {
"name": "runc-1.0.3-16.18.1.aarch64",
"product_id": "runc-1.0.3-16.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.i586",
"product": {
"name": "runc-1.0.3-16.18.1.i586",
"product_id": "runc-1.0.3-16.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.ppc64le",
"product": {
"name": "runc-1.0.3-16.18.1.ppc64le",
"product_id": "runc-1.0.3-16.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.s390x",
"product": {
"name": "runc-1.0.3-16.18.1.s390x",
"product_id": "runc-1.0.3-16.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.3-16.18.1.x86_64",
"product": {
"name": "runc-1.0.3-16.18.1.x86_64",
"product_id": "runc-1.0.3-16.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le"
},
"product_reference": "runc-1.0.3-16.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x"
},
"product_reference": "runc-1.0.3-16.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.3-16.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
},
"product_reference": "runc-1.0.3-16.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43784"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43784",
"url": "https://www.suse.com/security/cve/CVE-2021-43784"
},
{
"category": "external",
"summary": "SUSE Bug 1193436 for CVE-2021-43784",
"url": "https://bugzilla.suse.com/1193436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.3-16.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-14T11:47:19Z",
"details": "moderate"
}
],
"title": "CVE-2021-43784"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…