IBM Cloud Functions is affected by runc vulnerability
  • Functions
  • Frankfurt
    Washington DC
  • Description
    IBM Cloud Functions is affected by a security vulnerability in runc. This vulnerability might allow an attacker, who is authorized to run a process as root inside a container, to execute arbitrary commands with root privileges on the container’s host system.

    Vulnerability Details
    CVE ID: CVE-2019-5736

    Description: Runc might allow a local attacker to execute arbitrary commands on the system. It is caused by the improper handling of system file descriptors when running containers. An attacker might exploit this vulnerability by using a malicious container to overwrite the contents of the host runc binary and execute arbitrary commands with root privileges on the host system.

    CVSS Base Score: 7.7
    CVSS Temporal Score: See the X-Force Vulnerability Report for the current score.
    CVSS Environmental Score*: Undefined
    CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

    Affected Products and Versions
    All versions of IBM Cloud Functions are impacted.

    IBM Cloud Functions has been updated with a fix that addresses this vulnerability. This bulletin is for informational purposes only. Further actions are not required for IBM Cloud Functions users.

    For more information, see the following notification: