CVE-2019-5736

HIGHScheduled

Published:Feb 11, 2019(7 years ago)

Modified:Nov 21, 2024

Local AccessNo Auth RequiredScope ChangesLow Complexity

Vulnerability Description

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Attack Characteristics

Local AccessLow ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
docker	docker	18.09.2	-
linuxfoundation	runc	0.1.1	-
linuxfoundation	runc	-

Timeline

Published
CVE disclosed publicly
Feb 11, 20197 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

132

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015....Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084....Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007....Mailing List

CVSS Score

v3.1

8.6/ 10.0

HIGH

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

At a Glance

Affected Products

132

References

docker / docker

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029....Mailing List

http://packetstormsecurity.com/files/163339/Docker-Container-Escape.ht...Exploit

http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execut...Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011....Mailing List

http://www.openwall.com/lists/oss-security/2019/03/23/1Mailing List

http://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List

http://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List

http://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List

http://www.openwall.com/lists/oss-security/2019/10/24/1Mailing List

http://www.openwall.com/lists/oss-security/2019/10/29/3Mailing List

http://www.openwall.com/lists/oss-security/2024/01/31/6

http://www.openwall.com/lists/oss-security/2024/02/01/1

http://www.openwall.com/lists/oss-security/2024/02/02/3

http://www.securityfocus.com/bid/106976Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0303Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0304Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0401Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0408Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0975Third Party Advisory

https://access.redhat.com/security/cve/cve-2019-5736Third Party Advisory

https://access.redhat.com/security/vulnerabilities/runcescapeThird Party Advisory

https://aws.amazon.com/security/security-bulletins/AWS-2019-002/Third Party Advisory

https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulne...Patch

https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/Patch

https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-...Exploit

https://brauner.github.io/2019/02/12/privileged-containers.htmlExploit

https://bugzilla.suse.com/show_bug.cgi?id=1121967Issue Tracking

https://cloud.google.com/kubernetes-engine/docs/security-bulletins#feb...Third Party Advisory

https://github.com/Frichetten/CVE-2019-5736-PoCExploit

https://github.com/docker/docker-ce/releases/tag/v18.09.2Release Notes

https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398...Patch

https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770...Patch

https://github.com/q3k/cve-2019-5736-pocExploit

https://github.com/rancher/runc-cveThird Party Advisory

https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/Third Party Advisory

https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac6...

https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4...

https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d976...

https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244...

https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d...

https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3...

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d2...

https://lists.fedoraproject.org/archives/list/package-announce%40lists...

https://security.gentoo.org/glsa/202003-21Third Party Advisory

https://security.netapp.com/advisory/ntap-20190307-0008/Third Party Advisory

https://softwaresupport.softwaregrp.com/document/-/facetsearch/documen...Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=...Permissions Required

https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime...Exploit

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/...Third Party Advisory

https://usn.ubuntu.com/4048-1/Third Party Advisory

https://www.openwall.com/lists/oss-security/2019/02/11/2Mailing List

https://www.synology.com/security/advisory/Synology_SA_19_06Third Party Advisory

https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-...Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007....Mailing List