RHEL 9 : runc (RHSA-2024:0670)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0670 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: file...

runc 1.1.11 File Descriptor Leak Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'runc docker File Descriptor Leak Privilege Escalation', 'Description' = %q All versions of runc MSFLICENSE, 'Author' = 'h00die', msf module 'Rory...

[SECURITY] [DSA 5615-1] runc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5615-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 04, 2024 https://www.debian.org/security/faq -...

DSA-5615-1 runc - security update

Bulletin has no description...

Debian dsa-5615 : golang-github-opencontainers-runc-dev - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5615 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5615-1...

runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Talos Linux ships runc vulnerable to the escape to the host attack

Impact Snyk has discovered a vulnerability in all versions of runc =1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious...

GHSA-G5P6-327M-3FXX Talos Linux ships runc vulnerable to the escape to the host attack

Impact Snyk has discovered a vulnerability in all versions of runc =1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious...

SUSE CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626-POC Instructions For educational/research pu...

SUSE: Security Advisory (SUSE-SU-2024:0295-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2024:0295-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0295-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and...

Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: file descriptor leak CVE-2024-21626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

ALSA-2024:0670 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: file descriptor leak CVE-2024-21626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

SUSE SLES12 Security Update : runc (SUSE-SU-2024:0294-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0294-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

CVE-2024-21626 affecting package moby-runc for versions less than 1.1.9-4

CVE-2024-21626 affecting package moby-runc for versions less than 1.1.9-4. A patched version of the package is available...

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626 For detailed explanation for this vulnerabilit...

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626-POC Instructions For educational/research pu...

Sandbox Escape

runc is vulnerable to Sandbox Escape. The vulnerability is caused due to an internal file descriptor leak in runc. An attacker can exploit the leaked file descriptors to cause a newly-spawned container process, initiated by the runc exec command, to have a working directory in the host filesystem...