runc AppArmor bypass with symlinked /proc
Moderate severity
GitHub Reviewed
Published
Mar 29, 2023
in
opencontainers/runc
•
Updated Dec 6, 2024
Package
Affected versions
< 1.1.5
Patched versions
1.1.5
Description
Published by the National Vulnerability Database
Mar 29, 2023
Published to the GitHub Advisory Database
Mar 30, 2023
Reviewed
Mar 30, 2023
Last updated
Dec 6, 2024
Impact
It was found that AppArmor, and potentially SELinux, can be bypassed when
/proc
inside the container is symlinked with a specific mount configuration.Patches
Fixed in runc v1.1.5, by prohibiting symlinked
/proc
: opencontainers/runc#3785This PR fixes CVE-2023-27561 as well.
Workarounds
Avoid using an untrusted container image.
References