runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "runc": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4", "runc-dbgsym": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4", "golang-github-opencontainers-runc-dev": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4" } ] }