Vulnerability details: VCID-h2d7-ph2u-aaah
Vulnerability ID VCID-h2d7-ph2u-aaah
Aliases CVE-2024-21626
GHSA-xr7r-f8xq-vfvv
Summary runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3.1 8.6 http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
generic_textual HIGH http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
ssvc Track* http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0682
ssvc Track https://access.redhat.com/errata/RHSA-2024:0682
cvssv3 8.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21626.json
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.01304 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.01379 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.01445 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.01947 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.03326 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.0391 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.03987 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.04199 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.0431 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.045 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.04773 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.04819 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.04915 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05062 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05105 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05169 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05222 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05277 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05377 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.05711 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
epss 0.06207 https://api.first.org/data/v1/epss?cve=CVE-2024-21626
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.6 https://github.com/opencontainers/runc
generic_textual LOW https://github.com/opencontainers/runc
cvssv3.1 8.6 https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
generic_textual HIGH https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
ssvc Track* https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
cvssv3.1 8.6 https://github.com/opencontainers/runc/releases/tag/v1.1.12
generic_textual HIGH https://github.com/opencontainers/runc/releases/tag/v1.1.12
ssvc Track* https://github.com/opencontainers/runc/releases/tag/v1.1.12
cvssv3.1 8.6 https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
generic_textual HIGH https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
ssvc Track* https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
cvssv3.1 8.6 https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
ssvc Track* https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
cvssv3.1 8.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J
cvssv3.1 8.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
cvssv3.1 8.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL
cvssv3.1 8.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
cvssv3 8.6 https://nvd.nist.gov/vuln/detail/CVE-2024-21626
cvssv3.1 8.6 https://nvd.nist.gov/vuln/detail/CVE-2024-21626
cvssv3.1 8.6 http://www.openwall.com/lists/oss-security/2024/02/01/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/02/01/1
ssvc Track* http://www.openwall.com/lists/oss-security/2024/02/01/1
cvssv3.1 8.6 http://www.openwall.com/lists/oss-security/2024/02/02/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/02/02/3
ssvc Track* http://www.openwall.com/lists/oss-security/2024/02/02/3
Reference id Reference type URL
http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21626.json
https://api.first.org/data/v1/epss?cve=CVE-2024-21626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/opencontainers/runc
https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
https://github.com/opencontainers/runc/releases/tag/v1.1.12
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626
http://www.openwall.com/lists/oss-security/2024/02/01/1
http://www.openwall.com/lists/oss-security/2024/02/02/3
1062532 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062532
2258725 https://bugzilla.redhat.com/show_bug.cgi?id=2258725
cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2024-21626 https://nvd.nist.gov/vuln/detail/CVE-2024-21626
GLSA-202408-25 https://security.gentoo.org/glsa/202408-25
RHSA-2024:0645 https://access.redhat.com/errata/RHSA-2024:0645
RHSA-2024:0662 https://access.redhat.com/errata/RHSA-2024:0662
RHSA-2024:0666 https://access.redhat.com/errata/RHSA-2024:0666
RHSA-2024:0670 https://access.redhat.com/errata/RHSA-2024:0670
RHSA-2024:0682 https://access.redhat.com/errata/RHSA-2024:0682
RHSA-2024:0684 https://access.redhat.com/errata/RHSA-2024:0684
RHSA-2024:0717 https://access.redhat.com/errata/RHSA-2024:0717
RHSA-2024:0748 https://access.redhat.com/errata/RHSA-2024:0748
RHSA-2024:0752 https://access.redhat.com/errata/RHSA-2024:0752
RHSA-2024:0755 https://access.redhat.com/errata/RHSA-2024:0755
RHSA-2024:0756 https://access.redhat.com/errata/RHSA-2024:0756
RHSA-2024:0757 https://access.redhat.com/errata/RHSA-2024:0757
RHSA-2024:0758 https://access.redhat.com/errata/RHSA-2024:0758
RHSA-2024:0759 https://access.redhat.com/errata/RHSA-2024:0759
RHSA-2024:0760 https://access.redhat.com/errata/RHSA-2024:0760
RHSA-2024:0764 https://access.redhat.com/errata/RHSA-2024:0764
RHSA-2024:10149 https://access.redhat.com/errata/RHSA-2024:10149
RHSA-2024:10520 https://access.redhat.com/errata/RHSA-2024:10520
RHSA-2024:10525 https://access.redhat.com/errata/RHSA-2024:10525
RHSA-2024:10841 https://access.redhat.com/errata/RHSA-2024:10841
RHSA-2024:1270 https://access.redhat.com/errata/RHSA-2024:1270
RHSA-2024:4597 https://access.redhat.com/errata/RHSA-2024:4597
RHSA-2025:0115 https://access.redhat.com/errata/RHSA-2025:0115
RHSA-2025:0650 https://access.redhat.com/errata/RHSA-2025:0650
RHSA-2025:1711 https://access.redhat.com/errata/RHSA-2025:1711
RHSA-2025:2441 https://access.redhat.com/errata/RHSA-2025:2441
RHSA-2025:2701 https://access.redhat.com/errata/RHSA-2025:2701
RHSA-2025:2710 https://access.redhat.com/errata/RHSA-2025:2710
USN-6619-1 https://usn.ubuntu.com/6619-1/
Data source Metasploit
Description All versions of runc <=1.1.11, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 and runc 1.1.11 using Docker build. Successfully tested on Debian 12.4.0 with runc 1.1.11 using Docker build. Successfully tested on Arch Linux 12/1/2024 with runc 1.1.10-1 using Docker build.
Note
AKA:
  - Leaky Vessels
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date Jan. 31, 2024
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/runc_cwd_priv_esc.rb
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:0682
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T14:09:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:0682
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21626.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/runc
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/releases/tag/v1.1.12
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://github.com/opencontainers/runc/releases/tag/v1.1.12
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21626
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/02/01/1
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/01/1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/02/02/3
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T04:01:01Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/02/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.64997
EPSS Score 0.01112
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-17T15:01:47.613761+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc2