[Debian] Medium CVE: CVE-2024-21626 runc

Bug #2052401 reported by Yue Tao
Affects: StarlingX
Status: Triaged
Importance: High
Assigned to: Jim Gauld

Bug Description

CVE-2024-21626: https://nvd.nist.gov/vuln/detail/CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Base Score: Medium

Reference:

runc_1.0.0~rc93+ds1-5+deb11u3
https://security-tracker.debian.org/tracker/DSA-5615-1
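An added example (not code from this bug report, the runc project or Debian) of how an operator can check whether the runc on a host carries the fix: it reimplements dpkg's version ordering so the installed package version can be compared against the Debian 11 version listed above (the deb11u3 suffix marks it as the bullseye package from DSA-5615-1), and parses `runc --version` output for the upstream 1.1.12 threshold. The function and constant names are this example's own, and the sample version strings in comments are constructed.

```python
import re

# Fixed versions named on this bug: upstream runc 1.1.12 and, for Debian 11
# (DSA-5615-1), package version 1.0.0~rc93+ds1-5+deb11u3. Other suites have
# their own fixed version; pass it as `fixed` below.
UPSTREAM_FIXED = (1, 1, 12)
DEBIAN11_FIXED = "1.0.0~rc93+ds1-5+deb11u3"

def _weight(c):
    # dpkg character weights: '~' sorts before end-of-string (0), digits 0,
    # letters by code point, other punctuation after every letter.
    return -1 if c == "~" else 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Order one upstream or revision part as dpkg does: alternate non-digit runs
    # (weighted, end-of-string padded with 0) with numeric runs (leading zeros ignored).
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    n = max(len(ta), len(tb))
    ta += [("", "")] * (n - len(ta))
    tb += [("", "")] * (n - len(tb))
    for (sa, da), (sb, db) in zip(ta, tb):
        m = max(len(sa), len(sb))
        wa = [_weight(c) for c in sa] + [0] * (m - len(sa))
        wb = [_weight(c) for c in sb] + [0] * (m - len(sb))
        if wa != wb:
            return -1 if wa < wb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_deb_versions(a, b):
    # -1, 0 or 1, ordered like `dpkg --compare-versions`: epoch, upstream, then revision.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    for d in ((ea > eb) - (ea < eb), _cmp_part(ua, ub), _cmp_part(ra, rb)):
        if d:
            return d
    return 0

def debian_runc_is_fixed(installed, fixed=DEBIAN11_FIXED):
    # installed = output of: dpkg-query -W -f '${Version}' runc
    return compare_deb_versions(installed, fixed) >= 0

def upstream_runc_is_fixed(version_output):
    # version_output = first line of `runc --version`, e.g. "runc version 1.1.11" (constructed)
    m = re.search(r"runc version (\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("unrecognised runc --version output")
    return tuple(int(x) for x in m.groups()) >= UPSTREAM_FIXED
```

On Debian the upstream check reports the patched bullseye package as unfixed, because its upstream version string stays at 1.0.0~rc93 while the fix is backported, so compare the dpkg version against the suite's DSA version instead.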

CVE References

Jim Gauld (jgauld)
Changed in starlingx:
assignee: nobody → Jim Gauld (jgauld)
Ghada Khalil (gkhalil) wrote :

Changing the target release to stx.10.0 since the r/stx.9.0 release branch is created and the team doesn't port CVE fixes to released branches.

tags: added: stx.10.0
removed: stx.9.0