DEBIAN-CVE-2023-25809
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-25809
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-25809.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-25809
- Upstream
- Published
- 2023-03-29T19:15:22Z
- Modified
- 2025-09-19T07:33:15.692685Z
- Summary
- [none]
- Details
-
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes
/sys/fs/cgroupwritable in following conditons: 1. when runc is executed inside the user namespace, and theconfig.jsondoes not specify the cgroup namespace to be unshared (e.g..,(docker|podman|nerdctl) run --cgroupns=host, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and/sysis mounted withrbind, ro(e.g.,runc spec --rootless; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy/sys/fs/cgroup/user.slice/...on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add/sys/fs/cgrouptomaskedPaths. - References
Affected packages
Debian:11 / runc
Package
- Name
- runc
- Purl
- pkg:deb/debian/runc?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.0~rc93+ds1-5+deb11u4
Debian:12 / runc
Package
- Name
- runc
- Purl
- pkg:deb/debian/runc?arch=source
Debian:13 / runc
Package
- Name
- runc
- Purl
- pkg:deb/debian/runc?arch=source
Debian:14 / runc
Package
- Name
- runc
- Purl
- pkg:deb/debian/runc?arch=source