CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

History

27 Mar 2023, 18:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html -

18 Feb 2023, 19:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html -

06 Apr 2022, 15:28

Type Values Removed Values Added
References (UBUNTU) https://usn.ubuntu.com/4297-1/ - (UBUNTU) https://usn.ubuntu.com/4297-1/ - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:4074 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:4074 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/ - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:3940 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:3940 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/ - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:4269 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:4269 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202003-21 - (GENTOO) https://security.gentoo.org/glsa/202003-21 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/ - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220221-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220221-0004/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

21 Feb 2022, 10:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220221-0004/ -

Information

Published : 2019-09-25 18:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-16884

Mitre link : CVE-2019-16884

CVE.ORG link : CVE-2019-16884


JSON object : View

Products Affected

redhat

  • enterprise_linux_server_tus
  • openshift_container_platform
  • enterprise_linux_eus
  • enterprise_linux_server_aus
  • enterprise_linux

linuxfoundation

  • runc

canonical

  • ubuntu_linux

opensuse

  • leap

docker

  • docker

fedoraproject

  • fedora
CWE
CWE-863

Incorrect Authorization