CVE-2024-21626
HIGH EPSS 96.8%
Published Jan 31, 20242y ago · Modified Jun 25, 20265d ago
8.6 CVSS 3.1
Published Jan 31, 2024 2y ago
Last Modified Jun 25, 2026 5d ago
Description
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
96.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 3
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
CWE-403
CWE-668
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| linuxfoundation | runc | * | <1.1.12 |
| fedoraproject | fedora | 39 | any |
References 40
- packetstormsecurity.com http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
- openwall.com http://www.openwall.com/lists/oss-security/2024/02/01/1
- openwall.com http://www.openwall.com/lists/oss-security/2024/02/02/3
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0645
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0662
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0666
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0670
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0684
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0717
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0748
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0752
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0755
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0756
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0757
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0758
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0759
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0760
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0764
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:10149
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:10520
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:10525
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:10841
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1270
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:4597
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:0115
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:0650
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:1711
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:2441
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:2701
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:2710
- access.redhat.com https://access.redhat.com/security/cve/CVE-2024-21626
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2258725
- github.com https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
- github.com https://github.com/opencontainers/runc/releases/tag/v1.1.12
- github.com https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
- security.access.redhat.com https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json
- vicarius.io https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626
Remediation
- github.com https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf