Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-27561

HIGH
Published 2023-03-03T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-27561. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.0
/10
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.298
Higher than 29.8% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

linuxfoundation

runc

Affected Versions:

0
redhat

openshift_container_platform

Affected Versions:

4.0
redhat

enterprise_linux

Affected Versions:

9.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Opencontainers runc Incorrect Authorization vulnerability

GHSA-vpvm-3wq2-2wvm

Advisory Details

runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to `libcontainer/rootfs_linux.go`. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

Affected Packages

Go github.com/opencontainers/runc
ECOSYSTEM: ≥1.0.0-rc95 <1.1.5

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-27561
WEB https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
WEB https://github.com/opencontainers/runc/issues/3751
WEB https://github.com/opencontainers/runc/pull/3785
WEB https://security.netapp.com/advisory/ntap-20241206-0004
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
WEB https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
WEB https://github.com/opencontainers/runc/releases/tag/v1.1.5
PACKAGE https://github.com/opencontainers/runc
WEB https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9

Advisory provided by GitHub Security Advisory Database. Published: March 3, 2023, Modified: December 6, 2024

References

https://github.com/opencontainers/runc/issues/3751
https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
Published: 2023-03-03T00:00:00
Last Modified: 2024-12-06T13:09:23.914Z
Copied to clipboard!