CVE-2024-21626

Name
CVE-2024-21626
Description
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
security-advisories@github.com https://github.com/opencontainers/runc/releases/tag/v1.1.12
security-advisories@github.com https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
security-advisories@github.com http://www.openwall.com/lists/oss-security/2024/02/01/1
security-advisories@github.com http://www.openwall.com/lists/oss-security/2024/02/02/3
security-advisories@github.com http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
security-advisories@github.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
security-advisories@github.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
security-advisories@github.com https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:* runc >= None < 1.1.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
runc edge-community 1.1.12-r0 Jake Buchholz Göktürk <tomalok@gmail.com> fixed
runc edge-community 1.1.4-r7 Jake Buchholz Göktürk <tomalok@gmail.com> possibly vulnerable
runc edge-community 1.1.4-r0 Jake Buchholz Göktürk <tomalok@gmail.com> possibly vulnerable
runc edge-community 1.1.2-r0 Jake Buchholz Göktürk <tomalok@gmail.com> possibly vulnerable
runc edge-community 1.0.3-r0 Jake Buchholz Göktürk <tomalok@gmail.com> possibly vulnerable
runc edge-community 1.0.0_rc95-r0 Jake Buchholz <tomalok@gmail.com> possibly vulnerable
runc edge-community 1.0.0_rc10-r0 None possibly vulnerable
runc edge-community 1.0.0_rc9-r0 None possibly vulnerable
runc edge-community 1.0.0_rc7-r0 None possibly vulnerable
runc edge-community 1.0.0-r0 Jake Buchholz <tomalok@gmail.com> possibly vulnerable
runc 3.22-community 1.1.12-r0 None fixed
runc 3.22-community 1.1.4-r7 None possibly vulnerable
runc 3.22-community 1.1.4-r0 None possibly vulnerable
runc 3.22-community 1.1.2-r0 None possibly vulnerable
runc 3.22-community 1.0.3-r0 None possibly vulnerable
runc 3.22-community 1.0.0_rc95-r0 None possibly vulnerable
runc 3.22-community 1.0.0_rc10-r0 None possibly vulnerable
runc 3.22-community 1.0.0_rc9-r0 None possibly vulnerable
runc 3.22-community 1.0.0_rc7-r0 None possibly vulnerable
runc 3.21-community 1.1.12-r0 None fixed
runc 3.20-community 1.1.12-r0 None fixed
runc 3.19-community 1.1.12-r0 Jake Buchholz Göktürk <tomalok@gmail.com> fixed