{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-19921", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-05T02:32:09.419Z", "dateReserved": "2019-12-22T00:00:00", "datePublished": "2020-02-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/opencontainers/runc/releases"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2019-19921"}, {"url": "https://github.com/opencontainers/runc/issues/2197"}, {"url": "https://github.com/opencontainers/runc/pull/2190"}, {"name": "openSUSE-SU-2020:0219", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html"}, {"name": "RHSA-2020:0688", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0688"}, {"name": "RHSA-2020:0695", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0695"}, {"name": "GLSA-202003-21", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"name": "USN-4297-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4297-1/"}, {"name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"}, {"name": "FEDORA-2023-1bcbb1db39", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"}, {"name": "FEDORA-2023-3cccbc4c95", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"}, {"name": "FEDORA-2023-1ba499965f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"}, {"name": "FEDORA-2023-9edf2145fb", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/"}, {"name": "FEDORA-2023-6e6d9065e0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:32:09.419Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/opencontainers/runc/releases", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2019-19921", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runc/issues/2197", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runc/pull/2190", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2020:0219", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html"}, {"name": "RHSA-2020:0688", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0688"}, {"name": "RHSA-2020:0695", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0695"}, {"name": "GLSA-202003-21", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"name": "USN-4297-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4297-1/"}, {"name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"}, {"name": "FEDORA-2023-1bcbb1db39", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"}, {"name": "FEDORA-2023-3cccbc4c95", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"}, {"name": "FEDORA-2023-1ba499965f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"}, {"name": "FEDORA-2023-9edf2145fb", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/"}, {"name": "FEDORA-2023-6e6d9065e0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5", "versionEndIncluding": "0.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "949172CC-EBB5-47F6-B987-207C802EED0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "093326B1-448C-4E3B-886D-CAC8B6813BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "F672C421-789D-4F21-B483-DA3EB251BA1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "E13C190A-D7CE-4204-8CEF-B7317D3FFBF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "15AEA3E2-A82F-4562-AFE6-B83A767B94E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "EB5109FF-7C41-477E-B817-F63F06D866C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C85A84D-A70F-4B02-9E5D-CD9660ABF048", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)"}, {"lang": "es", "value": "runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el archivo libcontainer/rootfs_linux.go. Para explotar esto, un atacante debe ser capaz de generar dos contenedores con configuraciones de montaje de volumen personalizadas y ser capaz de ejecutar im\u00e1genes personalizadas. (Esta vulnerabilidad no afecta a Docker debido a un detalle de implementaci\u00f3n que bloquea el ataque)."}], "id": "CVE-2019-19921", "lastModified": "2023-11-07T03:07:52.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T15:15:12.210", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0688"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0695"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/issues/2197"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/pull/2190"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/opencontainers/runc/releases"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2019-19921"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4297-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-706"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0942", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "runc-0:1.0.0-66.rc8.el7_7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:1650", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8020020200324071414.0d58ad57", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:0695", "cpe": "cpe:/a:redhat:openshift:4.1::el8", "package": "runc-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2020-03-12T00:00:00Z"}, {"advisory": "RHSA-2020:0688", "cpe": "cpe:/a:redhat:openshift:4.2::el8", "package": "runc-0:1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-03-10T00:00:00Z"}, {"advisory": "RHSA-2020:1485", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "runc-0:1.0.0-66.rc10.rhaos4.3.el7_8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-04-20T00:00:00Z"}], "bugzilla": {"description": "runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation", "id": "1796107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796107"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-41", "details": ["runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)", "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-19921", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "docker", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:1.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:2.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2019-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-19921\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19921"], "statement": "For Red Hat OpenStack Platform, because runc is not directly used by the director-operator, no update will be provided at this time for the operator containers.", "threat_severity": "Moderate", "upstream_fix": "runc 1.0.0-rc10"}