Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Azure Linux 3.0 Security Update: cri-tools / moby-runc / runc (CVE-2024-45310)

🗓️ 06 Apr 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 6 Views

Azure Linux 3.0 is vulnerable due to old cri-tools / moby-runc / runc versions impacted by CVE-2024-45310.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Open Container Initiative runc (CVE-2024-45310)
28 Mar 202520:20
ibm
IBM Security Bulletins		Security Bulletin: Arbitrary File and Directory Creation via Volume Sharing Race Condition in runc , affects watsonx.data
11 Sep 202509:01
ibm
IBM Security Bulletins		Security Bulletin: Additional security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2025.
3 May 202505:54
ibm
IBM Security Bulletins		Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to gcc, github.com/opencontainers/runc and github.com/containers/common (CVE-2024-45310, CVE-2020-11023, CVE-2024-9341)
25 Mar 202512:50
ibm
IBM Security Bulletins		Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
9 Jun 202519:01
ibm
IBM Security Bulletins		Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for May 2026.
1 Jun 202610:46
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
26 Mar 202518:21
ibm
IBM Security Bulletins		Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-45310)
15 Apr 202503:02
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
18 May 202613:36
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
30 Apr 202510:37
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(233947);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");

  script_cve_id("CVE-2024-45310");

  script_name(english:"Azure Linux 3.0 Security Update: cri-tools / moby-runc / runc (CVE-2024-45310)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of cri-tools / moby-runc / runc installed on the remote Azure Linux 3.0 host is prior to tested version. It
is, therefore, affected by a vulnerability as referenced in the CVE-2024-45310 advisory.

  - runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and
    earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in
    arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a
    race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be
    truncated. An attacker must have the ability to start containers using some kind of custom volume
    configuration. Containers using user namespaces are still affected, but the scope of places an attacker
    can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can
    also in principle block this attack -- we suspect the industry standard SELinux policy May restrict this
    attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc
    directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some
    workarounds are available. Using user namespaces restricts this attack fairly significantly such that the
    attacker can only create inodes in directories that the remapped root user/group has write access to.
    Unless the root user is remapped to an actual user on the host (such as with rootless containers that
    don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes
    in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict
    the scope if a specific label is applied to the runc runtime, though neither the extent to which the
    standard existing policies block this attack nor what exact policies are needed to sufficiently restrict
    this attack have been thoroughly tested. (CVE-2024-45310)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-45310");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/U:Green");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-45310");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cri-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:moby-runc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:runc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:runc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'cri-tools-1.32.0-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cri-tools-1.32.0-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'runc-1.2.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'runc-1.2.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'runc-debuginfo-1.2.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'runc-debuginfo-1.2.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-tools / moby-runc / runc / runc-debuginfo');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jan 2026 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.13.6
EPSS0.00317
SSVC
azure linux security update vulnerabilty cri-tools moby-runc runc cve-2024-45310 container exploitation
6