CVE-2023-28642
AppArmor Bypass vulnerability in runc (Go)
What is CVE-2023-28642 About?
This vulnerability allows AppArmor, and potentially SELinux, confinement to be bypassed for a container started by runc. When the container's /proc is set up as a symlink under a specific mount configuration, the mandatory access control (MAC) profile that runc tries to apply to the container process does not take effect, and the process runs without the restrictions the profile was meant to enforce. The configuration is not the default, but an attacker who controls the container image or its mount specification can arrange it, so in environments that run untrusted images the bar to exploitation is low.
Affected Software
- github.com/opencontainers/runc (Go), versions before 1.1.5
Technical Details
runc applies the container's AppArmor profile (and SELinux process label) after the rootfs has been assembled, by writing the requested profile or label to the per-task attribute files that procfs exposes under /proc (for example /proc/self/attr/exec). If /proc inside the container is a symlink with a specific mount configuration, that write no longer reaches the kernel's procfs interface, so the kernel never switches the task to the intended profile, and the container process starts without MAC confinement. By crafting a container image or mount specification that sets /proc up this way, an attacker bypasses the AppArmor or SELinux policy that the runtime intended to enforce. Note what is and is not lost: the namespaces, capability set and seccomp filter are still applied, so this is not by itself a container escape; it strips the MAC layer that normally sits on top of them. The fix in runc 1.1.5 (PR #3785) verifies that the container's /proc is a genuine procfs mount before the profile is applied.
What is the Impact of CVE-2023-28642?
Successful exploitation leaves the container process without the AppArmor or SELinux confinement the runtime intended to apply, so it runs with only the namespace, capability and seccomp restrictions. What that buys an attacker depends on what the profile was the last line of defence for; in the worst case the lost restrictions cover access to host resources that the other layers do not block, and a further weakness in those layers can then be leveraged toward privilege escalation or host compromise.
What is the Exploitability of CVE-2023-28642?
Exploitation requires a specific, non-default container mount configuration in which /proc is symlinked. It is a local vulnerability: the attacker needs to control the container image or its mount specification, or otherwise gain execution inside the vulnerable container, and no further authentication is required beyond that. The bypass itself is reliable once the configuration is in place; the complexity lies in getting that configuration accepted rather than in defeating AppArmor or SELinux, which are not themselves flawed here. Running an untrusted container image is the realistic path to exploitation, and the advisory's only workaround short of upgrading is to avoid doing so.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| None | (none) | No public proof of concept is listed for this CVE. |
What are the Available Fixes for CVE-2023-28642?
Available Upgrade Options
- github.com/opencontainers/runc
- <1.1.5 → Upgrade to 1.1.5
Additional Resources
- https://osv.dev/vulnerability/GHSA-g2j6-57v7-gm8c
- https://github.com/opencontainers/runc/pull/3785
- https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
- https://security.netapp.com/advisory/ntap-20241206-0005/
- https://nvd.nist.gov/vuln/detail/CVE-2023-28642
- https://github.com/opencontainers/runc
- https://osv.dev/vulnerability/GO-2023-1683
What are Similar Vulnerabilities to CVE-2023-28642?
Similar Vulnerabilities: CVE-2023-27561 (a related runc /proc mount issue fixed in the same 1.1.5 release), CVE-2022-0185, CVE-2022-26960, CVE-2021-3864, CVE-2020-10751
