8.6

CVE-2024-21626

Medienbericht
Exploit

runc container breakout through process.cwd trickery and leaked fds

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxfoundationRunc Version < 1.1.12
FedoraprojectFedora Version39
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.09% 0.968
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 1.8 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com 8.6 1.8 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.6 1.8 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:52
http://www.openwall.com/lists/oss-security/2024/02/01/1
Mailing List
http://www.openwall.com/lists/oss-security/2024/02/02/3
Mailing List
https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
Patch
https://github.com/opencontainers/runc/releases/tag/v1.1.12
Release Notes
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Vendor Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
Mailing List
https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626
https://access.redhat.com/errata/RHSA-2025:0115
https://access.redhat.com/errata/RHSA-2025:2441
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/security/cve/CVE-2024-21626
https://bugzilla.redhat.com/show_bug.cgi?id=2258725
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json
https://access.redhat.com/errata/RHSA-2024:0645
https://access.redhat.com/errata/RHSA-2024:0662
https://access.redhat.com/errata/RHSA-2024:0666
https://access.redhat.com/errata/RHSA-2024:0670
https://access.redhat.com/errata/RHSA-2024:0684
https://access.redhat.com/errata/RHSA-2024:0717
https://access.redhat.com/errata/RHSA-2024:0748
https://access.redhat.com/errata/RHSA-2024:0752
https://access.redhat.com/errata/RHSA-2024:0755
https://access.redhat.com/errata/RHSA-2024:0756
https://access.redhat.com/errata/RHSA-2024:0757
https://access.redhat.com/errata/RHSA-2024:0758
https://access.redhat.com/errata/RHSA-2024:0759
https://access.redhat.com/errata/RHSA-2024:0760
https://access.redhat.com/errata/RHSA-2024:0764
https://access.redhat.com/errata/RHSA-2024:10149
https://access.redhat.com/errata/RHSA-2024:10520
https://access.redhat.com/errata/RHSA-2024:10525
https://access.redhat.com/errata/RHSA-2024:10841
https://access.redhat.com/errata/RHSA-2024:1270
https://access.redhat.com/errata/RHSA-2024:4597
https://access.redhat.com/errata/RHSA-2025:0650
https://access.redhat.com/errata/RHSA-2025:1711