CVE-2023-25809:
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
CVSS Score: 2.5

Basic Information

CVE ID: CVE-2023-25809
GHSA ID:
EPSS Score: -
CWE: CWE-281 (Improper Preservation of Permissions)
Published: 3/30/2023
Updated: 3/30/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/opencontainers/runc | go | < 1.1.5 | 1.1.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how cgroupv2 mounts are handled in rootless mode. The original mountCgroupV2 function attempted to bind-mount cgroup paths without properly enforcing read-only permissions when cgroupns wasn't unshared. The commit diff shows critical changes to this function's error handling path, adding proper masking and read-only enforcement. The CWE-281 (Improper Preservation of Permissions) mapping confirms this is a permissions preservation issue in mount handling. The added integration test in mounts.bats specifically validates the read-only enforcement, further confirming this function was the source of the vulnerability.
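The condition described above is directly observable from inside a container: the cgroup2 mount at `/sys/fs/cgroup` either carries the `ro` per-mount flag (read-only bind mount, what the fix enforces) or it does not. The following Go program is an added example written for this page; it is not runc code and not the integration test the analysis mentions. It parses `/proc/self/mountinfo` (standard kernel format: mount id, parent id, major:minor, root, mount point, per-mount options, optional fields, `-`, fstype, source, superblock options) and reports whether the visible `/sys/fs/cgroup` mount is read-only. The two embedded mountinfo listings are constructed samples; when run on a Linux host it reads the live file instead.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// CgroupMountState summarises the /sys/fs/cgroup entry found in a mountinfo listing.
type CgroupMountState struct {
	Found    bool
	FSType   string
	ReadOnly bool // true if "ro" appears in the per-mount or superblock options
}

// Constructed sample: a cgroup2 mount visible read-write, the state the
// advisory describes for a rootless container that did not unshare cgroupns.
const sampleWritable = `22 1 0:21 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
35 22 0:30 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate`

// Constructed sample: the same mount after a read-only bind remount. Only the
// per-mount options change to "ro"; the superblock options stay "rw".
const sampleReadOnly = `22 1 0:21 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
35 22 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate`

// hasOpt reports whether a comma-separated mount option list contains exactly opt.
func hasOpt(list, opt string) bool {
	for _, o := range strings.Split(list, ",") {
		if o == opt {
			return true
		}
	}
	return false
}

// InspectCgroupMount parses /proc/self/mountinfo text and reports whether the
// mount visible at /sys/fs/cgroup is read-only. Entries are listed in mount
// order, so the last entry for the path is the one a process actually sees.
func InspectCgroupMount(mountinfo string) CgroupMountState {
	var st CgroupMountState
	for _, line := range strings.Split(mountinfo, "\n") {
		fields := strings.Fields(line)
		// Minimum shape: 6 leading fields, the "-" separator, fstype, source, superopts.
		if len(fields) < 10 || fields[4] != "/sys/fs/cgroup" {
			continue
		}
		sep := -1
		for i, f := range fields {
			if f == "-" {
				sep = i
				break
			}
		}
		if sep < 0 || sep+3 >= len(fields) {
			continue // malformed line, skip rather than guess
		}
		st.Found = true
		st.FSType = fields[sep+1]
		st.ReadOnly = hasOpt(fields[5], "ro") || hasOpt(fields[sep+3], "ro")
	}
	return st
}

func main() {
	data, err := os.ReadFile("/proc/self/mountinfo")
	src := "live /proc/self/mountinfo"
	if err != nil {
		// Not on Linux or not readable: fall back to the constructed sample.
		data, src = []byte(sampleWritable), "constructed sample"
	}
	st := InspectCgroupMount(string(data))
	fmt.Printf("%s: found=%v fstype=%s readonly=%v\n", src, st.Found, st.FSType, st.ReadOnly)
}
```

Run inside a rootless container without a private cgroup namespace: `readonly=false` on a `cgroup2` mount is the state the advisory describes, and `readonly=true` is what the patched runc (1.1.5 and later) should produce. The check looks at the per-mount options because a read-only bind mount sets `ro` there while the underlying superblock stays `rw`.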