CVSS3: 8.6 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score: 8.9 High (Confidence: High)
CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.051 Low (Percentile: 92.9%)
Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component where an attacker could gain unauthorized access to the host filesystem (CVE-2024-21626).
CVEID: CVE-2024-21626
Description: Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an internal file descriptor leak. By persuading a victim to use a specially crafted image, an attacker could exploit this vulnerability to perform a container escape and access the host filesystem.
CVSS Base Score: 8.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/281085> for more information
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Red Hat OpenShift on IBM Cloud 4.14-4.14.10_1546_openshift_W
Red Hat OpenShift on IBM Cloud 4.13-4.13.30_1556_openshift_W
Red Hat OpenShift on IBM Cloud 4.12-4.12.47_1577_openshift_W
Red Hat OpenShift on IBM Cloud 4.11-4.11.57_1590_openshift_W
Red Hat OpenShift on IBM Cloud 3.11-4.10
Updates for Red Hat OpenShift on IBM Cloud cluster worker nodes at versions 4.11 or later are available that fix this vulnerability. Customers must update worker nodes created before the fix was available to address the vulnerability. For details on updating worker nodes, see either the classic or VPC documentation, as appropriate. To verify your cluster worker nodes have been updated, use the following IBM Cloud CLI command to confirm the currently running versions:
ibmcloud oc workers --cluster <cluster name or ID>
If the versions are at one of the following patch levels or later, the cluster worker nodes have the fix:
4.14.11_1547_openshift
4.13.32_1557_openshift
4.12.49_1578_openshift
4.11.58_1591_openshift
Customers running Red Hat OpenShift on IBM Cloud Service clusters at version 4.10 must upgrade to version 4.11. Please review the documentation before starting an upgrade since additional actions may be required.
Customers running Red Hat OpenShift on IBM Cloud Service clusters at version 4.9 must create a new cluster and deploy their apps to the new cluster.
Red Hat OpenShift on IBM Cloud Service 4.10 and earlier are no longer supported, and version 4.11 is deprecated with end of support due to be reached on 6th March. See the Red Hat OpenShift on IBM Cloud Service version information and update actions documentation for more information about Kubernetes versions and version support policies.
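The version check described above can be automated. The following is an added example, not part of the original bulletin or IBM tooling: it compares worker version strings against the fixed patch levels listed here. The sample listing is constructed, and the assumption that the worker ID is the first column of each line is mine.

```python
import re

# Fixed patch levels from this bulletin, keyed by (major, minor):
# value is (patch, build), e.g. 4.14.11_1547_openshift -> (11, 1547).
FIXED = {
    (4, 14): (11, 1547),
    (4, 13): (32, 1557),
    (4, 12): (49, 1578),
    (4, 11): (58, 1591),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)_(\d+)_openshift")

def classify(version):
    """Return fixed / vulnerable / unsupported / not-listed / unparsed."""
    m = VERSION_RE.search(version)
    if not m:
        return "unparsed"
    major, minor, patch, build = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # 4.10 and earlier receive no fix per the bulletin; minors newer
        # than 4.14 are simply not covered by this bulletin's list.
        return "unsupported" if (major, minor) < (4, 11) else "not-listed"
    # "At one of the following patch levels or later" => tuple comparison.
    return "fixed" if (patch, build) >= fixed else "vulnerable"

def audit(listing):
    """Map worker ID (assumed first column) to its status."""
    results = {}
    for line in listing.splitlines():
        m = VERSION_RE.search(line)
        if m:  # header and blank lines carry no version and are skipped
            results[line.split()[0]] = classify(m.group(0))
    return results

# Constructed sample; real `ibmcloud oc workers` output has more columns.
SAMPLE = """\
ID        State   Version
worker-a  normal  4.14.10_1546_openshift
worker-b  normal  4.14.11_1547_openshift
worker-c  normal  4.12.50_1580_openshift
worker-d  normal  4.10.60_1600_openshift
"""

if __name__ == "__main__":
    for worker, status in audit(SAMPLE).items():
        print(f"{worker}: {status}")
```

Workers reported as vulnerable need the worker node update; those reported as unsupported fall under the upgrade or new-cluster guidance above.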
CPE
Name | Operator | Version |
---|---|---|
ibm cloud kubernetes service and red hat openshift on ibm cloud | eq | any |