1. Home
  2. CVE Database
  3. CVE-2016-9962
MEDIUM · 6.4

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-de...

Vulnerability Description

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

CVSS Score

6.4

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DockerDocker>= 1.11.0, < 1.12.6

Related Weaknesses (CWE)

CWE-362

References

FAQ

What is CVE-2016-9962?

CVE-2016-9962 is a vulnerability with a CVSS score of 6.4 (MEDIUM). RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-de...

How severe is CVE-2016-9962?

CVE-2016-9962 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9962?

Check the references section above for vendor advisories and patch information. Affected products include: Docker Docker.