CVE-2024-21626 Report - Details, Severity, & Advisories
Twingate Team • Apr 25, 2024
A high-severity vulnerability, CVE-2024-21626, has been identified in runc, a CLI tool for spawning and running containers on Linux systems according to the OCI specification. This vulnerability, caused by an internal file descriptor leak, allows attackers to gain access to the host filesystem and potentially execute a full container breakout. Systems running runc versions up to 1.1.11 are affected, with the issue being patched in version 1.1.12. Users are advised to update their runc installations to protect against this vulnerability.
How do I know if I'm affected?
To determine whether you're affected, check which runc version you're running: versions 1.1.11 and below are vulnerable. The flaw is a file descriptor leak that allows the host file system to be mounted with the permissions of runc, which is typically root. The published proof of concept was tested successfully on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build. Note that this issue affects Linux systems running runc; no specific Apple product versions have been mentioned in relation to it.
What should I do if I'm affected by CVE-2024-21626?
If you're affected by the vulnerability, it's crucial to update your runc installation to version 1.1.12 or later, which includes patches for this issue. This will help protect your system from potential container breakouts and other security risks associated with the vulnerability. Remember to always keep your software up-to-date to minimize exposure to security threats.
Is CVE-2024-21626 in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2024-21626 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, related to runc, a tool used for running containers on Linux systems, is caused by a file descriptor leak. The leak can be exploited to break out of the container, potentially leading to unauthorized access or control of the host system. To mitigate this vulnerability, users should update their runc installations to version 1.1.12 or later, which includes patches for the issue.
Weakness enumeration
The Weakness Enumeration for CVE-2024-21626 includes two CWEs: CWE-668 (Exposure of Resource to Wrong Sphere) and CWE-403 (File Descriptor Leak). The vulnerability allows full container breakouts due to an internal file descriptor leak in runc.
For more details
CVE-2024-21626 is a high-severity vulnerability in runc that allows for full container breakouts due to an internal file descriptor leak. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Packet Storm: runc 1.1.11 File Descriptor Leak Privilege Escalation
Openwall: oss-security - Re: runc: CVE-2024-21626: high severity container breakout attack
Openwall: oss-security - Re: Re: runc: CVE-2024-21626: high severity container breakout attack (1)
GitHub: opencontainers/runc - Fix vulnerability and harden fd leaks