Количество 18
Количество 18
GHSA-xr7r-f8xq-vfvv
runc vulnerable to container breakout through process.cwd trickery and leaked fds
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVE-2024-21626
GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux accord ...
SUSE-SU-2024:0459-1
Security update for runc
SUSE-SU-2024:0328-1
Security update for runc
SUSE-SU-2024:0295-1
Security update for runc
SUSE-SU-2024:0294-1
Security update for runc
ELSA-2024-17931
ELSA-2024-17931: runc security update (IMPORTANT)
ELSA-2024-12148
ELSA-2024-12148: runc security update (IMPORTANT)
ELSA-2024-0752
ELSA-2024-0752: container-tools:ol8 security update (IMPORTANT)
ELSA-2024-0670
ELSA-2024-0670: runc security update (IMPORTANT)
BDU:2024-00973
Уязвимость инструмента для запуска изолированных контейнеров Runc связана с недостатками разграничений контролируемой области системы, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2025:0074-1
Security update for crun
ROS-20240410-18
Уязвимость runc
ELSA-2024-0748
ELSA-2024-0748: container-tools:4.0 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-xr7r-f8xq-vfvv runc vulnerable to container breakout through process.cwd trickery and leaked fds | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
 | CVE-2024-21626 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
 | CVE-2024-21626 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
 | CVE-2024-21626 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
 | CVE-2024-21626 GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds | 6% Низкий | больше 1 года назад | |
| CVE-2024-21626 runc is a CLI tool for spawning and running containers on Linux accord ... | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
 | SUSE-SU-2024:0459-1 Security update for runc | 6% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0328-1 Security update for runc | 6% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0295-1 Security update for runc | 6% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0294-1 Security update for runc | 6% Низкий | больше 1 года назад | |
| ELSA-2024-17931 ELSA-2024-17931: runc security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-12148 ELSA-2024-12148: runc security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-0752 ELSA-2024-0752: container-tools:ol8 security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-0670 ELSA-2024-0670: runc security update (IMPORTANT) | больше 1 года назад | ||
 | BDU:2024-00973 Уязвимость инструмента для запуска изолированных контейнеров Runc связана с недостатками разграничений контролируемой области системы, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.6 | 6% Низкий | больше 1 года назад |
| openSUSE-SU-2025:0074-1 Security update for crun | 4 месяца назад | ||
 | ROS-20240410-18 Уязвимость runc | CVSS3: 8.6 | 6% Низкий | около 1 года назад |
| ELSA-2024-0748 ELSA-2024-0748: container-tools:4.0 security update (IMPORTANT) | больше 1 года назад |
Уязвимостей на страницу