runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5 by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 12 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
References

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-02-12T16:02:53.406Z

Reserved: 2023-03-20T12:19:47.209Z

Link: CVE-2023-28642

Vulnrichment

Updated: 2024-12-06T13:09:24.993Z

NVD

Status: Modified

Published: 2023-03-29T19:15:22.397

Modified: 2024-12-06T14:15:19.250

Link: CVE-2023-28642

Redhat

Severity: Moderate

Public Date: 2023-03-29T00:00:00Z

Links: CVE-2023-28642 - Bugzilla

OpenCVE Enrichment

No data.