Search for vulnerabilities
Vulnerability details: VCID-sxre-t5g1-aaaj
Vulnerability ID VCID-sxre-t5g1-aaaj
Aliases CVE-2023-27561
GHSA-vpvm-3wq2-2wvm
Summary runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-706 Use of Incorrectly-Resolved Name or Reference
CWE-41 Improper Resolution of Path Equivalence
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27561.json
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-27561
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.0 https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
generic_textual HIGH https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
cvssv3.1 3.6 https://github.com/opencontainers/runc
cvssv3.1 7.0 https://github.com/opencontainers/runc
generic_textual HIGH https://github.com/opencontainers/runc
generic_textual LOW https://github.com/opencontainers/runc
cvssv3.1 7.0 https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
generic_textual HIGH https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
cvssv3.1 7.0 https://github.com/opencontainers/runc/issues/3751
generic_textual HIGH https://github.com/opencontainers/runc/issues/3751
cvssv3.1 6.1 https://github.com/opencontainers/runc/pull/3785
cvssv3.1 7.0 https://github.com/opencontainers/runc/pull/3785
generic_textual HIGH https://github.com/opencontainers/runc/pull/3785
generic_textual MODERATE https://github.com/opencontainers/runc/pull/3785
cvssv3.1 7.0 https://github.com/opencontainers/runc/releases/tag/v1.1.5
generic_textual HIGH https://github.com/opencontainers/runc/releases/tag/v1.1.5
cvssv3.1 7.0 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
cvssv3.1 7.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
cvssv3 7.0 https://nvd.nist.gov/vuln/detail/CVE-2023-27561
cvssv3.1 7.0 https://nvd.nist.gov/vuln/detail/CVE-2023-27561
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-27561
cvssv3.1 7.0 https://security.netapp.com/advisory/ntap-20241206-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241206-0004
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27561.json
https://api.first.org/data/v1/epss?cve=CVE-2023-27561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
https://github.com/opencontainers/runc
https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
https://github.com/opencontainers/runc/issues/3751
https://github.com/opencontainers/runc/pull/3785
https://github.com/opencontainers/runc/releases/tag/v1.1.5
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
https://security.netapp.com/advisory/ntap-20241206-0004
https://security.netapp.com/advisory/ntap-20241206-0004/
1033520 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033520
2175721 https://bugzilla.redhat.com/show_bug.cgi?id=2175721
cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2023-27561 https://nvd.nist.gov/vuln/detail/CVE-2023-27561
GLSA-202408-25 https://security.gentoo.org/glsa/202408-25
RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093
RHSA-2023:6380 https://access.redhat.com/errata/RHSA-2023:6380
RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
USN-6088-1 https://usn.ubuntu.com/6088-1/
USN-6088-2 https://usn.ubuntu.com/6088-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27561.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/runc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/issues/3751
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/pull/3785
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/pull/3785
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/releases/tag/v1.1.5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-27561
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-27561
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20241206-0004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22958
EPSS Score 0.00054
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.