CVE-2023-27561: 
cAdvisor vulnerability analysis and mitigation

CVE-2023-27561 is a vulnerability in runc through version 1.1.4 that leads to incorrect access control and potential privilege escalation. The vulnerability is a regression of CVE-2019-19921 and was discovered in early 2023. To exploit this vulnerability, an attacker must be able to spawn two containers with custom volume-mount configurations and run custom images (Ubuntu Security, NVD).

The vulnerability has a CVSS 3.1 base score of 7.0 (High) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue involves a race condition in volume mounts during container initialization, where an attacker can race volume mounts by adding a symlink to the rootfs that points to a directory on the volume (GitHub Issue).

Successful exploitation of this vulnerability could lead to container breakout, allowing writes to dangerous paths like /proc/sys/kernel/core_pattern. The vulnerability enables privilege escalation and potential full system compromise through bypassing container isolation mechanisms (GitHub Issue).

The vulnerability was fixed in runc version 1.1.5 and later releases. Various Linux distributions have released security updates to address this issue, including Ubuntu, Fedora, and Red Hat. Users are advised to upgrade to the patched versions (Debian LTS, Fedora Update).