CVE-2024-21626: In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). This is fixed in 1.1.12.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9 commit 76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2024-02-01 16:22:52 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2024-02-01 16:24:35 +0000 app-containers/runc: add 1.1.12 Bug: https://bugs.gentoo.org/923434 Signed-off-by: William Hubbs <williamh@gentoo.org> app-containers/runc/Manifest | 1 + app-containers/runc/runc-1.1.12.ebuild | 78 ++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+)
(Remember to adjust summary too when there's a fixed version in tree, thanks!)
