Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 923434 - <app-containers/runc-1.1.12: container breakout attack
Summary: <app-containers/runc-1.1.12: container breakout attack
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://github.com/opencontainers/run...
Whiteboard: B2 [glsa+]
Keywords:
Depends on:
Blocks: CVE-2024-21626
  Show dependency tree
 
Reported: 2024-01-31 20:48 UTC by Christopher Fore
Modified: 2024-08-11 05:47 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2024-01-31 20:48:23 UTC 
CVE-2024-21626:

In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b").


This is fixed in 1.1.12.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-01 16:24:47 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9

commit 76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2024-02-01 16:22:52 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2024-02-01 16:24:35 +0000

    app-containers/runc: add 1.1.12
    
    Bug: https://bugs.gentoo.org/923434
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/runc/Manifest           |  1 +
 app-containers/runc/runc-1.1.12.ebuild | 78 ++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-03 13:38:26 UTC 
(Remember to adjust summary too when there's a fixed version in tree, thanks!)
Comment 3 Larry the Git Cow gentoo-dev 2024-08-11 05:46:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=68a8d508cf9f0faa2bd942edbbb2cbf358d169d3

commit 68a8d508cf9f0faa2bd942edbbb2cbf358d169d3
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-11 05:45:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-11 05:46:20 +0000

    [ GLSA 202408-25 ] runc: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/828471
    Bug: https://bugs.gentoo.org/844085
    Bug: https://bugs.gentoo.org/903079
    Bug: https://bugs.gentoo.org/923434
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-25.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)