Skip to main content

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2016-9962

Severity Medium
Score 6.4/10

Summary

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

  • HIGH
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • HIGH
  • HIGH
  • HIGH

CWE-362 - Race Condition

A race condition occurs in a shared memory program when two threads/processes access the same shared memory data, and at least one thread executes a write operation. This vulnerability manipulates the time to check vs. time to use (TOC/TOU) gap between the threads in the critical section to cause disorientation in the shared data. The impact can vary from compromising the confidentiality of the system to causing the system to crash or to execute arbitrary code.

Advisory Timeline

  • Published