Container Filesystem Breakout Vulnerability in runc by OpenContainers
CVE-2021-30465

8.5HIGH

Key Information:

Vendor: Linux
Status: Runc
Vendor: CVE Published:; 27 May 2021

What is CVE-2021-30465?

The vulnerability in runc allows an attacker to exploit container configurations that incorporate symlink-exchange attacks via a race condition. By creating multiple containers with specific mount settings, the attacker can manipulate the container’s file system. This can lead to the unintentional exposure of sensitive data or unauthorized access to the host file system. Effective mitigation strategies are essential to safeguard against such vulnerabilities.

References

https://github.com/opencontainers/runc/releases

http://www.openwall.com/lists/oss-security/2021/05/19/2

mailing-list

http://www.openwall.com/lists/oss-security/2021/05/19/2

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2021
Vulnerability Reserved
Apr 8, 2021

Linux

What is CVE-2021-30465?

References

CVSS V3.1

Timeline