runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T02:32:09.419Z

Reserved: 2019-12-22T00:00:00

Link: CVE-2019-19921

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-12T15:15:12.210

Modified: 2024-11-21T04:35:40.107

Link: CVE-2019-19921

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-12-21T00:00:00Z

Links: CVE-2019-19921 - Bugzilla

cve-icon OpenCVE Enrichment

No data.