Chroot Escape Vulnerability in Rancher by SUSE
CVE-2024-22036

9.1CRITICAL

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability exists in Rancher that allows a cluster or node driver to bypass the chroot jail, potentially granting root access to the Rancher container. In production setups, this may lead to further privilege escalation within the Rancher environment, affecting resource integrity. In test and development settings using a privileged Docker container, attackers can escape their containment and execute commands on the host system, thereby compromising its security.

Affected Version(s)

rancher 2.7.0 < 2.7.16

rancher 2.8.0 < 2.8.9

rancher 2.9.0 < 2.9.3

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22036

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Jan 4, 2024