Oval Definition:	oval:org.opensuse.security:def:202327561
Revision Date: 2023-06-22 Version: 1 Title: CVE-2023-27561 Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2023-27561 SUSE CVE-2023-27561 SUSE-SU-2023:1726-1 SUSE-IU-2023:317-1 SUSE-IU-2023:318-1 SUSE-IU-2023:319-1 SUSE-IU-2023:347-1 SUSE-IU-2023:348-1 SUSE-IU-2023:349-1 SUSE-SU-2023:2003-1 Platform(s): SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Module for Containers 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis SUSE Linux Enterprise Micro 5.4 is installed AND docker-runc is not affected Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Containers 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND Package Information runc-1.1.5-150000.41.1 is installed OR docker-runc is not affected
BACK