
Red Hat Enterprise Linux AppStream E4S (v.8.4)

Source: ADP
CNA CVEs: 0
ADP CVEs: 1
CISA CVEs: 0
NVD CVEs: 0
1 vulnerability found

CVE-2024-21626
Assigner: GitHub, Inc.
CVSS Score: 8.6 (HIGH)
EPSS: 17.28% / 96.72%
7 Day CHG: +0.51%
Published: 31 Jan, 2024 | 21:31
Updated: 25 Jun, 2026 | 23:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
runc container breakout through process.cwd trickery and leaked fds

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Action: Not Available
Vendor: opencontainers; Fedora Project; The Linux Foundation; Red Hat, Inc.
Product: runc; fedora; runc; Red Hat Enterprise Linux AppStream EUS (v.9.2); Red Hat OpenShift Container Platform 4.16; Red Hat In-Vehicle Operating System 1; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 10; OpenShift Developer Tools and Services for OCP 4.15; Red Hat Enterprise Linux AppStream E4S (v.8.4); Red Hat Enterprise Linux AppStream (v. 8); Red Hat Enterprise Linux AppStream (v. 9); Red Hat Enterprise Linux AppStream E4S (v. 8.2); Power monitoring for Red Hat OpenShift; Red Hat OpenShift Container Platform 4.12; Red Hat OpenShift Container Platform 4.15; Red Hat Quay 3; Red Hat OpenShift Container Platform 4.14; Red Hat OpenShift Container Platform 4; Red Hat Enterprise Linux AppStream AUS (v. 8.2); Red Hat Enterprise Linux 7 Extras; Red Hat Enterprise Linux AppStream EUS (v.9.0); Red Hat OpenShift Virtualization 4; Red Hat Enterprise Linux AppStream EUS (v.8.6); Ironic content for Red Hat OpenShift Container Platform 4.14; Red Hat OpenShift Container Platform 4.11; Red Hat OpenShift Container Platform 4.17; Red Hat Enterprise Linux AppStream TUS (v. 8.2); Red Hat OpenShift Container Platform 4.13; Red Hat Enterprise Linux AppStream TUS (v.8.4); Red Hat Enterprise Linux AppStream AUS (v.8.4); OpenShift Developer Tools and Services; Red Hat Enterprise Linux AppStream EUS (v.8.8)
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
CWE-668: Exposure of Resource to Wrong Sphere