It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884)
Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges. (CVE-2021-30465)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "runc": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2", "runc-dbgsym": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2", "golang-github-opencontainers-runc-dev": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2" } ] }