CVE-2021-30465

8.5HIGH

Key Information:

Vendor: Linux
Status: Runc
Vendor: CVE Published:; 27 May 2021

Summary

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

References

https://github.com/opencontainers/runc/releases

http://www.openwall.com/lists/oss-security/2021/05/19/2

mailing-list

http://www.openwall.com/lists/oss-security/2021/05/19/2

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 27, 2021
Vulnerability Reserved
Apr 8, 2021