Runc process.cwd and leaked fds container breakout

CVE-2024-21626

February 1, 2024

A critical vulnerability, CVE-2024-21626, has been identified in runc. This vulnerability, caused by an internal file descriptor leak, allows attackers to gain access to the host filesystem and potentially execute a full container breakout. Systems running runc versions up to 1.1.11 are affected, with the issue being patched in version 1.1.12.

Exploitation Status

At Aqua Security, we can reassure our customers and the wider community about the robustness of our security posture. A thorough review has confirmed that Aqua images are not susceptible to the vulnerabilities outlined. Although our images do incorporate runc libraries, these are categorized as indirect dependencies and thus do not present a vulnerability vector in our environment.

Mitigating Leaky Vessels Vulnerabilities in runc, BuildKit and Moby with Aqua

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security

Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.

Use Cases

Environments

Partners

Products

Get Started