Security Advisories

CGA-959m-f2hx-94gg

Published

Last updated

https://images.chainguard.dev/security/CGA-959m-f2hx-94gg

Package

runc

Latest Update

Not affected

Aliases

CVE-2023-28642
GHSA-g2j6-57v7-gm8c

Severity

6.1

Medium

CVSS V3

Summary

runc AppArmor bypass with symlinked /proc

Description

Impact

It was found that AppArmor, and potentially SELinux, can be bypassed when /proc inside the container is symlinked with a specific mount configuration.

Patches

Fixed in runc v1.1.5, by prohibiting symlinked /proc: https://github.com/opencontainers/runc/pull/3785

This PR fixes CVE-2023-27561 as well.

Workarounds

Avoid using an untrusted container image.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-28642
https://github.com/advisories/GHSA-g2j6-57v7-gm8c
https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
https://github.com/opencontainers/runc/pull/3785
https://github.com/opencontainers/runc

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-959m-f2hx-94gg

Severity

Summary

Description

Impact

Patches

Workarounds

References

Updates

Product

Why Chainguard

Customers

Company

Resources