CVE-2024-21626

NameCVE-2024-21626
Descriptionrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3735-1, DSA-5615-1
Debian Bugs1062532

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
runc (PTS)buster1.0.0~rc6+dfsg1-3vulnerable
buster (security)1.0.0~rc6+dfsg1-3+deb10u3fixed
bullseye (security), bullseye1.0.0~rc93+ds1-5+deb11u3fixed
bookworm, bookworm (security)1.1.5+ds1-1+deb12u1fixed
trixie1.1.12+ds1-1fixed
sid1.1.12+ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
runcsourcebuster1.0.0~rc6+dfsg1-3+deb10u3DLA-3735-1
runcsourcebullseye1.0.0~rc93+ds1-5+deb11u3DSA-5615-1
runcsourcebookworm1.1.5+ds1-1+deb12u1DSA-5615-1
runcsource(unstable)1.1.12+ds1-11062532

Notes

https://www.openwall.com/lists/oss-security/2024/01/31/6
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
https://github.com/opencontainers/runc/commit/937ca107c3d22da77eb8e8030f2342253b980980
https://github.com/opencontainers/runc/commit/8e1cd2f56d518f8d6292b8bb39f0d0932e4b6c2a
https://github.com/opencontainers/runc/commit/f2f16213e174fb63e931fe0546bbbad1d9bbed6f
https://github.com/opencontainers/runc/commit/89c93ddf289437d5c8558b37047c54af6a0edb48
https://github.com/opencontainers/runc/commit/ee73091a8d28692fa4868bac81aa40a0b05f9780
https://github.com/opencontainers/runc/commit/d8edada9f252873b88043279a71099db71941dea

Search for package or bug name: Reporting problems