Description
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
References (10)
Core 10
Core References
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/05/19/2
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202107-26
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
Issue Tracking
https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
Patch, Third Party Advisory
https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
Release Notes, Third Party Advisory
https://github.com/opencontainers/runc/releases
Patch, Third Party Advisory
https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210708-0003/
Scores
CVSS v3
8.5
EPSS
0.0217
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (5)
fedoraproject/fedora
33
fedoraproject/fedora
34
linuxfoundation/runc
1.0.0 rc1 (15 CPE variants)
linuxfoundation/runc
< 0.1.1
opencontainers/runc
0 - 1.0.0-rc95Go
Published
May 27, 2021
Tracked Since
Feb 18, 2026