PT-2024-6067 · Runc+9
Author: Alban +1
Published 2024-07-25 · Updated 2026-05-23
CVE-2024-45310
CVSS v4.0: 4.8 Medium
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green
Name of the Vulnerable Software and Affected Versions
runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier
Description
The issue is a race condition in runc that allows an attacker to create empty files or directories at arbitrary locations on the host filesystem. It is triggered by sharing a volume between two containers and exploiting a race with os.MkdirAll. The attacker must be able to start containers with a custom volume configuration. Containers that use user namespaces are still affected, but the scope of the attack is significantly reduced. Sufficiently strict LSM policies, such as SELinux or AppArmor, can also block the attack. The issue is exploitable through runc directly as well as through Docker and Kubernetes.
Recommendations
For runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, update to version 1.1.14 or 1.2.0-rc3 to fix the issue.
As a temporary workaround, consider using user namespaces to restrict the attack scope.
Restrict access to world-writable directories to minimize the risk of exploitation.
Apply a strict SELinux or AppArmor policy to the runc runtime to further restrict the attack scope.
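As an added audit helper (not part of this advisory and not runc project code), the following Python script parses the output of `runc --version` and decides, from the affected ranges stated above, whether the installed runtime still needs the 1.1.14 / 1.2.0-rc3 update. The sample output embedded below is constructed; accepting the `-rc.N` spelling alongside `-rcN` is an assumption about how pre-release versions may be printed.

```python
"""Audit helper for CVE-2024-45310: is the installed runc still in an affected range?"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, Optional[int]]  # (major, minor, patch, rc or None)

# Affected ranges from the advisory: 1.1.13 and earlier (fixed in 1.1.14),
# and the 1.2.0 pre-releases rc2 and earlier (fixed in 1.2.0-rc3).
FIXED_STABLE = (1, 1, 14)
FIXED_RC_NUMBER = 3

# First line of `runc --version` is "runc version X.Y.Z[-rcN]"; the "-rc.N"
# spelling is accepted as well (assumption about pre-release formatting).
VERSION_RE = re.compile(r"^runc version (\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?", re.M)

# Constructed sample of `runc --version` output (not captured from a real host).
SAMPLE_OUTPUT = """runc version 1.1.12
spec: 1.0.2-dev
go: go1.21.6
libseccomp: 2.5.4
"""


def parse_runc_version(output: str) -> Optional[Version]:
    """Return (major, minor, patch, rc) from `runc --version` output, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch), (int(rc) if rc is not None else None)


def is_affected(version: Version) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    major, minor, patch, rc = version
    base = (major, minor, patch)
    # 1.2.0 pre-releases: rc1 and rc2 are affected, rc3 and later carry the fix.
    if base == (1, 2, 0) and rc is not None:
        return rc < FIXED_RC_NUMBER
    # 1.2.0 final and anything newer is fixed.
    if base >= (1, 2, 0):
        return False
    # Everything below 1.1.14 (1.0.x, 1.1.0 .. 1.1.13) is affected.
    return base < FIXED_STABLE


def check_installed(runc: str = "runc") -> Optional[bool]:
    """Run `runc --version`; True/False for affected, None if runc or its version is missing."""
    try:
        proc = subprocess.run([runc, "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    version = parse_runc_version(proc.stdout)
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("runc not found or version not recognised; check manually")
    else:
        print("AFFECTED: update to 1.1.14 / 1.2.0-rc3 or later" if result else "not affected")
```

Distribution packages sometimes backport the fix without changing the version string printed by `runc --version`, so a result of "affected" from this check should be confirmed against the distribution's own changelog before deciding that an update is required.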
Affected Products
Alt Linux
Apparmor
Astra Linux
Debian
Docker
Kubernetes
Red Os
Selinux
Suse
Runc