PT-2024-1467 · runc +12 · cyphar +2 · Published 2023-11-07 · Updated 2026-03-15 · CVE-2024-21626

CVSS v3.1: 8.6
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerable software and affected versions: runc 1.1.11 and earlier (the upstream advisory scopes it to 1.0.0-rc93 through 1.1.11).

Description: runc leaks an internal file descriptor into the container's init process. An attacker who controls the working directory of a newly spawned container process (for example, a runc exec request whose process.cwd is /proc/self/fd/<N>, where N is the leaked descriptor) causes that process to start with a working directory in the host filesystem namespace, and from there it can reach the host filesystem: a container escape. The same technique works from a malicious image against runc run, because the image supplies process.cwd and process.args. Variants of the attack can also overwrite semi-arbitrary host binaries, which yields a complete container escape. At disclosure it was estimated that at least 80% of cloud environments ran an exposed runc version.

Recommendations: for runc 1.1.11 and earlier, update to runc 1.1.12. If you consume runc through containerd, update to containerd 1.6.28 or 1.7.13, which bundle the patched runc; for Docker, update to 24.0.9 or 25.0.2. There is no complete workaround. As an interim risk reduction, treat process.cwd and process.args as untrusted input: only run images and exec requests from trusted sources, and reject values that reference /proc/self/fd or /proc/<pid>/fd until the runtime is patched.
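The interim mitigation above amounts to screening the two fields the attacker controls. The following is an added example written for this page, not runc's, containerd's or the advisory's own code: it parses the process section of an OCI runtime config.json, flags any process.cwd or process.args value whose path walks through /proc/<task>/fd/<N>, and parses `runc --version` output to decide whether the host is at 1.1.12 or later. The sample config and version string are constructed, and the treatment of pre-release suffixes is an assumed simplification.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// The subset of an OCI runtime-spec config.json that this check inspects.
type ociProcess struct {
	Cwd  string   `json:"cwd"`
	Args []string `json:"args"`
}

type ociConfig struct {
	Process ociProcess `json:"process"`
}

// isProcEntry reports whether c names a /proc task directory:
// "self", "thread-self" or a numeric PID/TID.
func isProcEntry(c string) bool {
	if c == "self" || c == "thread-self" {
		return true
	}
	n, err := strconv.Atoi(c)
	return err == nil && n > 0
}

// traversesProcFd reports whether walking p steps through /proc/<task>/fd/<N>.
// It walks component by component rather than cleaning the path first: once the
// kernel follows the fd magic-link, later components (including "..") resolve
// relative to the host directory behind the leaked fd, so
// path.Clean("/proc/self/fd/7/../../../bin/sh") == "/proc/bin/sh" would hide it.
func traversesProcFd(p string) bool {
	var stack []string
	for _, c := range strings.Split(p, "/") {
		switch c {
		case "", ".":
			continue
		case "..":
			if len(stack) > 0 {
				stack = stack[:len(stack)-1]
			}
			continue
		}
		stack = append(stack, c)
		if len(stack) == 4 && stack[0] == "proc" && isProcEntry(stack[1]) && stack[2] == "fd" {
			return true
		}
	}
	return false
}

// checkConfig returns one finding per process.cwd/process.args value that
// traverses a /proc/<task>/fd entry; an empty slice means the config is clean.
func checkConfig(raw []byte) ([]string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse config.json: %w", err)
	}
	var findings []string
	if traversesProcFd(cfg.Process.Cwd) {
		findings = append(findings, "process.cwd traverses /proc/<task>/fd: "+cfg.Process.Cwd)
	}
	for i, a := range cfg.Process.Args {
		if traversesProcFd(a) {
			findings = append(findings, fmt.Sprintf("process.args[%d] traverses /proc/<task>/fd: %s", i, a))
		}
	}
	return findings, nil
}

// runcIsPatched reads the first line of `runc --version` ("runc version 1.1.11")
// and reports whether the version is 1.1.12 or later. Pre-release and build
// suffixes ("-rc93", "+dev") are dropped before comparing: an assumed
// simplification, not how runc itself orders versions.
func runcIsPatched(versionOutput string) (bool, error) {
	f := strings.Fields(strings.SplitN(versionOutput, "\n", 2)[0])
	if len(f) < 3 || f[0] != "runc" || f[1] != "version" {
		return false, fmt.Errorf("unrecognised runc --version output: %q", versionOutput)
	}
	v := strings.TrimPrefix(f[2], "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("unrecognised version: %q", f[2])
	}
	var n [3]int
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil {
			return false, fmt.Errorf("unrecognised version: %q", f[2])
		}
		n[i] = x
	}
	for i, want := range [3]int{1, 1, 12} { // first fixed release
		if n[i] != want {
			return n[i] > want, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed sample config (not captured from a real host), shaped like
	// what a malicious image or exec request would supply.
	sample := []byte(`{"process":{"cwd":"/proc/self/fd/7","args":["/proc/self/fd/7/../../../bin/bash"]}}`)
	findings, err := checkConfig(sample)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println("BLOCK:", f)
	}
	// Constructed `runc --version` output for an unpatched host.
	patched, err := runcIsPatched("runc version 1.1.11\nspec: 1.0.2-dev\n")
	fmt.Println("runc patched:", patched, err)
}
```

The path walk deliberately does not normalise ".." away, because the whole point of the exploit path is that ".." after the magic-link escapes the container; the version check is only a stopgap for fleet inventory and should be replaced by the distribution's own package metadata where available.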

Tags: Exploit · Fix · RCE

Weakness Enumeration: CWE-668 Exposure of Resource to Wrong Sphere

Related Identifiers

ALSA-2023:6380
ALSA-2024:0670
ALSA-2024:0748
ALSA-2024:0752
ALSA-2024:1131
ALSA-2024:1149
ALSA-2024:2160
ALSA-2024:2180
ALSA-2024:2193
ALSA-2024:2239
ALSA-2024:2245
ALSA-2024:2272
ALSA-2025:16880
ALT-PU-2024-1729
ALT-PU-2024-1733
ALT-PU-2024-1740
ALT-PU-2024-1975
BDU:2024-00973
CESA-2024:0748
CESA-2024:0752
CVE-2024-21626
DLA-3735-1
DSA-5615-1
ELSA-2024-0670
ELSA-2024-0748
ELSA-2024-0752
ELSA-2024-12148
ELSA-2024-17931
GHSA-xr7r-f8xq-vfvv
GO-2024-2491
OESA-2024-1182
OPENSUSE-SU-2024:0459-1
OPENSUSE-SU-2024:13644-1
OPENSUSE-SU-2024:13754-1
OPENSUSE-SU-2024:14059-1
OPENSUSE-SU-2025:0074-1
RHSA-2024:0645
RHSA-2024:0662
RHSA-2024:0666
RHSA-2024:0670
RHSA-2024:0684
RHSA-2024:0717
RHSA-2024:0748
RHSA-2024:0752
RHSA-2024:0755
RHSA-2024:0756
RHSA-2024:0757
RHSA-2024:0758
RHSA-2024:0759
RHSA-2024:0760
RHSA-2024:0764
RHSA-2024:1270
RHSA-2024:4597
RHSA-2024:10149
RHSA-2024:10520
RHSA-2024:10525
RHSA-2024:10841
RLSA-2024:0748
RLSA-2024:0752
ROSA-SA-2024-2393
ROSA-SA-2025-2670
SUSE-SU-2024:0294-1
SUSE-SU-2024:0295-1
SUSE-SU-2024:0328-1
SUSE-SU-2024:0459-1
USN-6619-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Check Point Gaia
Docker
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Kubernetes containerd
runc