CVE-2023-28642: AppArmor bypass with symlinked /proc in runc

6.1 CVSS

Description

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Classification

CVE ID: CVE-2023-28642

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

Affected Products

Vendor: opencontainers

Product: runc

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 14.88% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
https://github.com/opencontainers/runc/pull/3785

Timeline

2024-12-07 00:30:53 UTC
CVE

AppArmor bypass with symlinked /proc in runc