CVE-2023-27561
Incorrect Access Control vulnerability in runc (Go)
What is CVE-2023-27561 About?
This vulnerability in runc, specifically versions 1.0.0-rc95 through 1.1.4, is an Incorrect Access Control issue that can lead to Escalation of Privileges. It allows an attacker to gain elevated permissions within the system. Exploiting this vulnerability requires specific conditions, making it moderately complex to achieve.
Affected Software
Technical Details
The vulnerability stems from a regression of CVE-2019-19921 in libcontainer/rootfs_linux.go within runc. To exploit this, an attacker must be able to spawn two containers that have custom volume-mount configurations. Additionally, the attacker needs the capability to run custom images within these containers. The incorrect access control then allows for a privilege escalation pathway due to improper handling of root filesystem operations in container environments configured in a specific manner, allowing malicious manipulation that leads to elevated privileges on the host or between containers.
What is the Impact of CVE-2023-27561?
Successful exploitation may allow attackers to gain unauthorized elevated privileges, execute arbitrary code with higher permissions, or compromise the integrity and confidentiality of containerized applications and the underlying host system.
What is the Exploitability of CVE-2023-27561?
Exploitation of this vulnerability is complex, requiring several prerequisites. An attacker needs to have local access to a system running runc and the ability to instantiate two containers. Both these containers must be configurable with custom volume-mounts, which implies a level of control over container creation parameters. Furthermore, the attacker must be able to supply and execute custom container images. There are no authentication requirements for the vulnerability itself once inside the containerization environment; rather, the ability to launch specific containers is the entry point. The primary risk factor is environments where users have sufficient permissions to deploy and configure containers flexibly, especially with custom mount options and images.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2023-27561?
Available Upgrade Options
- github.com/opencontainers/runc
- >1.0.0-rc95, <1.1.5 → Upgrade to 1.1.5
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
- https://github.com/advisories/GHSA-vpvm-3wq2-2wvm
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
- https://security.netapp.com/advisory/ntap-20241206-0004/
- https://github.com/opencontainers/runc
- https://github.com/opencontainers/runc/releases/tag/v1.1.5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
- https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
What are Similar Vulnerabilities to CVE-2023-27561?
Similar Vulnerabilities: CVE-2023-49089 , CVE-2019-16276 , CVE-2020-15257 , CVE-2021-30465 , CVE-2022-29160
