CVE-2023-25809

ADVISORY - github

Summary

Impact

It was found that rootless runc makes /sys/fs/cgroup writable in following conditons:

when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared (e.g.., (docker|podman|nerdctl) run --cgroupns=host, with Rootless Docker/Podman/nerdctl)
or, when runc is executed outside the user namespace, and /sys is mounted with rbind, ro (e.g., runc spec --rootless; this condition is very rare)

A container may gain the write access to user-owned cgroup hierarchy /sys/fs/cgroup/user.slice/... on the host . Other users's cgroup hierarchies are not affected.

Patches

v1.1.5 (planned)

Workarounds

Condition 1: Unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.
Condition 2 (very rare): add /sys/fs/cgroup to maskedPaths

EPSS Score⁠: 0.00044 (0.155)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-281⁠

Improper Preservation of Permissions

ADVISORY - github

CWE-281⁠

Improper Preservation of Permissions

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-281⁠

Improper Preservation of Permissions

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-276⁠

Incorrect Default Permissions

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠

CVSS SCORE

5medium

GitHub

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-m8cg-xc2p-r3fc⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠

CVSS SCORE

2.5low

Alpine

CREATED

2 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 years ago

UPDATED

12 days ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

2.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

GoLang

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDGO-2023-1682⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2023-25809

EXPLOITABILITY SCORE

2.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-281⁠CWE-937⁠

CVSS SCORE

6.3medium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2023:6380⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2023:6938⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2023:6939⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2023-2023-208⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

2 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

2.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-276⁠

CVSS SCORE

6.3medium

SUSE

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

2.5low

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-12579⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-12578⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2023-6380⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2023-6939⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2023-6938⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

CGA-289h-27qm-3j4j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

CGA-g7rx-jxr6-8xc6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

CGA-wv8f-5cm6-7x5x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CVE-2023-25809

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

intheWild

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDCVE-2023-25809⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY