| Summary: | <app-containers/runc-1.1.12: container breakout attack | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Christopher Fore <csfore> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | ||
| Severity: | normal | CC: | ajak, genzilla, gyakovlev, williamh |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv | ||
| Whiteboard: | B2 [stable?] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 925028 | ||
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9 commit 76215ae8b1d05aaaa3ac1c73eb25fe9db7e612d9 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2024-02-01 16:22:52 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2024-02-01 16:24:35 +0000 app-containers/runc: add 1.1.12 Bug: https://bugs.gentoo.org/923434 Signed-off-by: William Hubbs <williamh@gentoo.org> app-containers/runc/Manifest | 1 + app-containers/runc/runc-1.1.12.ebuild | 78 ++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) (Remember to adjust summary too when there's a fixed version in tree, thanks!) |
CVE-2024-21626: In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). This is fixed in 1.1.12.