CVE•Published 2024-01-31•1 article on news•6 live references•NVD data

CVE-2024-21626

Vulnerability data via CVEDB (Shodan)

CVSS v3.1

8.6

HIGH

EPSS percentile

Exploit Prediction Scoring System · top 3% of all CVEs

Description

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Timeline

Published 2024-01-31

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2024-21626

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Linuxfoundation Runc"

All exposed Linuxfoundation Runc instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Runc"

HTTP body or banner mentions "Runc" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2024-21626