Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-21626HistoryJan 31, 2024 - 10:15 p.m.
CVE-2024-21626
2024-01-3122:15:53
Debian Security Bug Tracker
security-tracker.debian.org
43
runc vulnerability
container escape
filesystem access
arbitrary overwrite
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (“attack 2”). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (“attack 1”). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (“attack 3a” and “attack 3b”). runc 1.1.12 includes patches for this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | runc | < 1.1.5+ds1-1+deb12u1 | runc_1.1.5+ds1-1+deb12u1_all.deb |
| Debian | 11 | all | runc | < 1.0.0~rc93+ds1-5+deb11u3 | runc_1.0.0~rc93+ds1-5+deb11u3_all.deb |
| Debian | 10 | all | runc | < 1.0.0~rc6+dfsg1-3+deb10u3 | runc_1.0.0~rc6+dfsg1-3+deb10u3_all.deb |
| Debian | 999 | all | runc | < 1.1.12+ds1-1 | runc_1.1.12+ds1-1_all.deb |
| Debian | 13 | all | runc | < 1.1.12+ds1-1 | runc_1.1.12+ds1-1_all.deb |
Related
nessus
nessus
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2024-1234)
2024-03-12 00:00:00
Fedora 39 : runc (2024-900dc7f6ff)
2024-02-06 00:00:00
AlmaLinux 9 : runc (ALSA-2024:0670)
2024-02-07 00:00:00
kaspersky
kaspersky
KLA64657 PE vulnerability in Microsoft Azure
2024-02-28 00:00:00
KLA64658 PE vulnerability in Microsoft Mariner
2024-02-28 00:00:00
packetstorm
packetstorm
runc 1.1.11 File Descriptor Leak Privilege Escalation
2024-02-05 00:00:00
redos
redos
ROS-20240410-18
2024-04-10 00:00:00
cve
cve
CVE-2024-21626
2024-01-31 22:15:53
redhat
redhat
(RHSA-2024:0752) Important: container-tools:rhel8 security update
2024-02-08 17:22:59
(RHSA-2024:0759) Important: container-tools:rhel8 security update
2024-02-08 17:24:06
(RHSA-2024:0670) Important: runc security update
2024-02-02 20:51:35
cvelist
cvelist
amazon
amazon
Important: runc
2024-01-25 19:21:00
cbl_mariner
cbl_mariner
CVE-2024-21626 affecting package cri-tools for versions less than 1.28.0-5
2024-02-25 03:00:06
CVE-2024-21626 affecting package moby-runc for versions less than 1.1.9-4
2024-02-01 18:12:35
CVE-2024-21626 affecting package kubernetes for versions less than 1.28.4-3
2024-02-25 03:00:06
fedora
fedora
[SECURITY] Fedora 38 Update: runc-1.1.12-1.fc38
2024-02-11 05:39:52
[SECURITY] Fedora 39 Update: runc-1.1.12-1.fc39
2024-02-06 01:18:51
openvas
openvas
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1504)
2024-04-08 00:00:00
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1739)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1762)
2024-05-30 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]
2024-03-28 22:00:56
githubexploit
githubexploit
Exploit for CVE-2024-21626
2024-02-07 07:38:22
Exploit for Exposure of Resource to Wrong Sphere in Linuxfoundation Runc
2024-04-10 09:12:06
Exploit for Exposure of Resource to Wrong Sphere in Linuxfoundation Runc
2024-03-15 10:38:27
github
github
Talos Linux ships runc vulnerable to the escape to the host attack
2024-02-02 18:11:06
osv
osv
Important: container-tools:rhel8 security update
2024-02-08 00:00:00
Talos Linux ships runc vulnerable to the escape to the host attack
2024-02-02 18:11:06
Important: runc security update
2024-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2024-21626
2024-01-31 00:00:00
metasploit
metasploit
runc (docker) File Descriptor Leak Privilege Escalation
2024-02-01 20:28:04
oraclelinux
oraclelinux
container-tools:ol8 security update
2024-02-14 00:00:00
runc security update
2024-02-05 00:00:00
runc security update
2024-02-09 00:00:00
redhatcve
redhatcve
CVE-2024-21626
2024-01-31 21:41:31
almalinux
almalinux
Important: container-tools:rhel8 security update
2024-02-08 00:00:00
Important: runc security update
2024-02-02 00:00:00
Important: container-tools:4.0 security update
2024-02-08 00:00:00
alpinelinux
alpinelinux
CVE-2024-21626
2024-01-31 22:15:53
wolfi
wolfi
CVE-2024-21626 vulnerabilities
2024-06-02 22:01:16
cgr
cgr
CVE-2024-21626 vulnerabilities
2024-05-19 03:07:16
rocky
rocky
container-tools:rhel8 security update
2024-02-12 20:17:26
veracode
veracode
Sandbox Escape
2024-02-01 12:28:33
mscve
mscve
prion
prion
Design/Logic Flaw
2024-01-31 22:15:00
zdt
zdt
runc 1.1.11 File Descriptor Leak Privilege Escalation Exploit
2024-02-05 00:00:00
attackerkb
attackerkb
CVE-2019-5736
2019-02-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2393
2024-04-11 07:16:35
thn
thn
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
2024-01-31 20:00:00
securelist
securelist
Exploits and vulnerabilities in Q1 2024
2024-05-07 10:00:39
avleonov
avleonov
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00