Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 923434

Summary: <app-containers/runc-1.1.12: container breakout attack
Product: Gentoo Security Reporter: Christopher Fore <csfore>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ajak, genzilla, gyakovlev, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 925028    

Description Christopher Fore 2024-01-31 20:48:23 UTC
CVE-2024-21626:

In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b").


This is fixed in 1.1.12.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-01 16:24:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9

commit 76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2024-02-01 16:22:52 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2024-02-01 16:24:35 +0000

    app-containers/runc: add 1.1.12
    
    Bug: https://bugs.gentoo.org/923434
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/runc/Manifest           |  1 +
 app-containers/runc/runc-1.1.12.ebuild | 78 ++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-03 13:38:26 UTC
(Remember to adjust summary too when there's a fixed version in tree, thanks!)
Comment 3 Larry the Git Cow gentoo-dev 2024-08-11 05:46:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=68a8d508cf9f0faa2bd942edbbb2cbf358d169d3

commit 68a8d508cf9f0faa2bd942edbbb2cbf358d169d3
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-11 05:45:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-11 05:46:20 +0000

    [ GLSA 202408-25 ] runc: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/828471
    Bug: https://bugs.gentoo.org/844085
    Bug: https://bugs.gentoo.org/903079
    Bug: https://bugs.gentoo.org/923434
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-25.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)