Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges.
{ "availability": "No subscription required", "binaries": [ { "runc": "1.0.0~rc93-0ubuntu1~18.04.2", "runc-dbgsym": "1.0.0~rc93-0ubuntu1~18.04.2", "golang-github-opencontainers-runc-dev": "1.0.0~rc93-0ubuntu1~18.04.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "runc": "1.0.0~rc93-0ubuntu1~20.04.2", "runc-dbgsym": "1.0.0~rc93-0ubuntu1~20.04.2", "golang-github-opencontainers-runc-dev": "1.0.0~rc93-0ubuntu1~20.04.2" } ] }