{ "threat_severity" : "Moderate", "public_date" : "2019-12-21T00:00:00Z", "bugzilla" : { "description" : "runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation", "id" : "1796107", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1796107" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-41", "details" : [ "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)", "A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ], "statement" : "For Red Hat OpenStack Platform, because runc is not directly used by the director-operator, no update will be provided at this time for the operator containers.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7 Extras", "release_date" : "2020-03-23T00:00:00Z", "advisory" : "RHSA-2020:0942", "cpe" : "cpe:/a:redhat:rhel_extras_other:7", "package" : "runc-0:1.0.0-66.rc8.el7_7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1650", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8020020200324071414.0d58ad57" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0695", "cpe" : "cpe:/a:redhat:openshift:4.1::el8", "package" : "runc-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-03-10T00:00:00Z", "advisory" : "RHSA-2020:0688", "cpe" : "cpe:/a:redhat:openshift:4.2::el8", "package" : "runc-0:1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-04-20T00:00:00Z", "advisory" : "RHSA-2020:1485", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "runc-0:1.0.0-66.rc10.rhaos4.3.el7_8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "docker", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "container-tools:1.0/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:2.0/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "osp-director-provisioner-container", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-downloader", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-19921\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19921" ], "name" : "CVE-2019-19921", "csaw" : false }