CVE-2019-16884
- Source
- https://cve.org/CVERecord?id=CVE-2019-16884
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16884.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-16884
- Aliases
- Downstream
- Related
- Published
- 2019-09-25T18:15:13.057Z
- Modified
- 2026-06-02T04:02:39.403832308Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*" ], "vendor_product": "docker:docker", "source": "CPE_RANGE", "extracted_events": [ { "last_affected": "19.03.2" }, { "last_affected": "19.03.2" }, { "last_affected": "19.03.2" } ] }, { "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" ], "vendor_product": "canonical:ubuntu_linux", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "19.10" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" ], "vendor_product": "fedoraproject:fedora", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "29" }, { "last_affected": "30" }, { "last_affected": "31" } ] }, { "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "vendor_product": "opensuse:leap", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ] }, { "extracted_events": [ { "last_affected": "8.0" } ], "vendor_product": "redhat:enterprise_linux", "source": "CPE_STRING", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "8.1" }, { "last_affected": "8.2" }, { "last_affected": "8.4" } ], "vendor_product": "redhat:enterprise_linux_eus", "source": "CPE_STRING", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" ] }, { "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server_aus", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "8.2" }, { "last_affected": "8.4" } ] }, { "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server_tus", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "8.2" }, { "last_affected": "8.4" } ] }, { "cpes": [ "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*" ], "vendor_product": "redhat:openshift_container_platform", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "4.1" }, { "last_affected": "4.2" } ] } ] }- References
-
- https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html
- https://access.redhat.com/errata/RHSA-2019:3940
- https://access.redhat.com/errata/RHSA-2019:4074
- https://access.redhat.com/errata/RHSA-2019:4269
- https://security.gentoo.org/glsa/202003-21
- https://security.netapp.com/advisory/ntap-20220221-0004/
- https://usn.ubuntu.com/4297-1/
- https://github.com/opencontainers/runc/issues/2128
Affected packages
Git / github.com/moby/moby
Affected ranges
- Type
- GIT
- Repo
- https://github.com/moby/moby
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "18.04" } ], "source": "CPE_STRING", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }
Affected versions
0.*
0.0.3
docs-v1.*
docs-v1.12.0-rc4-2016-07-15
upstream/0.*
upstream/0.1.2
upstream/0.1.3
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.4.1
v0.4.2
v0.4.4
v0.4.5
v0.4.7
v0.5.0
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v18.*
v18.04.0-ce
v18.04.0-ce-rc2
Git / github.com/opencontainers/runc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opencontainers/runc
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0.0.1" }, { "last_affected": "0.1.1" }, { "introduced": "0" }, { "last_affected": "1.0.0-rc1" }, { "last_affected": "1.0.0-rc2" }, { "last_affected": "1.0.0-rc3" }, { "last_affected": "1.0.0-rc4" }, { "last_affected": "1.0.0-rc5" }, { "last_affected": "1.0.0-rc6" }, { "last_affected": "1.0.0-rc7" }, { "last_affected": "1.0.0-rc8" } ], "source": [ "CPE_RANGE", "CPE_STRING" ], "cpe": [ "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8:*:*:*:*:*:*" ] }