
Preface: runc is a CLI tool for spawning and running containers according to the OCI specification.
Vulnerability: A vulnerability has been found in runc that affects several open-source container management systems that leverage runc.
Impact: The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level
code execution on the host. However, exploiting this vulnerability requires user interaction.
Remedy: See the official announcements:
Red Hat – https://access.redhat.com/security/vulnerabilities/runcescape
AWS – https://aws.amazon.com/security/security-bulletins/AWS-2019-002/