Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AppArmor bypass with symlinked /proc in runc
Vulnerability Description
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
权限预留不恰当
Vulnerability Title
runc 后置链接漏洞
Vulnerability Description
runc是一款用于根据OCI规范生成和运行容器的CLI(命令行界面)工具。 runc 1.1.5之前版本存在安全漏洞,该漏洞源于当容器内的/proc与特定的挂载配置进行符号链接时可以绕过AppArmor。
CVSS Information
N/A
Vulnerability Type
N/A