/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2019-16884

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-16884

CGA ID

CGA-wqv7-w84w-3758

Severity

Unknown

Description

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs