CVE-2024-21626

Disclosure Date: January 31, 2024 •

CVE-2024-21626 CVSS v3 Base Score: 8.6

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

exploit/linux/local/runc_cwd_priv_esc

Description

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (“attack 2”). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (“attack 1”). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (“attack 3a” and “attack 3b”). runc 1.1.12 includes patches for this issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.6 High

Impact Score:

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

fedoraproject,
linuxfoundation

Products

fedora 39,
runc

Metasploit Modules

exploit/linux/local/runc_cwd_priv_esc (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/runc_cwd_priv_esc.rb)

References

Canonical

CVE-2024-21626 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2024-21626 (https://github.com/NitroCao/CVE-2024-21626) (Added by AKB Worker)

CVE-2024-21626 (https://github.com/cdxiaodong/CVE-2024-21626) (Added by AKB Worker)

CVE-2024-21626-demo (https://github.com/laysakura/CVE-2024-21626-demo) (Added by AKB Worker)