Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-25809
Good to know:
Date: March 29, 2023
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes "/sys/fs/cgroup" writable in following conditons: 1. when runc is executed inside the user namespace, and the "config.json" does not specify the cgroup namespace to be unshared (e.g.., "(docker|podman|nerdctl) run --cgroupns=host", with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and "/sys" is mounted with "rbind, ro" (e.g., "runc spec --rootless"; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace ("(docker|podman|nerdctl) run --cgroupns=private)". This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add "/sys/fs/cgroup" to "maskedPaths".
Language: Go
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Improper Preservation of Permissions
CWE-281Top Fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | LOW |