Google gVisors runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.