A vulnerability has been found in runC which could result in privilege escalation.
|Package||app-emulation/runc on all architectures|
|Affected versions||< 1.0.0_rc95|
|Unaffected versions||>= 1.0.0_rc95|
runC is a CLI tool for spawning and running containers according to the OCI specification.
A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied.
An attacker may be able to escalation privileges to gain access to the host system.
There is no known workaround at this time.
All runC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/runc-1.0.0_rc95"
July 10, 2021
July 10, 2021: 1