Version: latest

CVE-2019-19921

CVE Details

Visit the official vulnerability details page for CVE-2019-19921 to learn more.

Initial Publication

10/10/2025

Last Update

10/14/2025

Third Party Dependency

github.com/opencontainers/runc

NIST CVE Summary

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CVE Severity

Our Official Summary

This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.

Status

Open

Affected Products & Versions

This CVE is non-impacting as the impacting symbol and/or function is not used in the product

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​