Bug 2309336 (CVE-2024-45310) - CVE-2024-45310 runc: runc can be tricked into creating empty files/directories on host
Keywords:
Status: NEW
Alias: CVE-2024-45310
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2309404
Blocks:
 
Reported: 2024-09-03 02:42 UTC by OSIDB Bzimport
Modified: 2024-09-03 20:43 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A vulnerability was found in runc. A malicious attacker may create empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files will not be truncated.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-09-03 02:42:19 UTC
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into
creating empty files or directories in arbitrary locations in the host
filesystem by sharing a volume between two containers and exploiting a race
with os.MkdirAll. While this can be used to create empty files, existing
files **will not** be truncated.

An attacker must have the ability to start containers using some kind of custom
volume configuration. Containers using user namespaces are still affected, but
the scope of places an attacker can create inodes can be significantly reduced.
Sufficiently strict LSM policies (SELinux/AppArmor) can also in principle block
this attack -- we suspect the industry standard SELinux policy may restrict
this attack's scope but the exact scope of protection hasn't been analysed.
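
An added example, not part of the bug report or of runc: a Python inventory check that flags runc versions inside the ranges quoted in the description and lists host bind-mount sources used by two or more containers, noting which of those containers run without a user namespace. The container names, paths and configs are constructed sample data, and treating an identical `source` path as a shared volume is a simplifying assumption.

```python
import re
from collections import defaultdict

def parse_version(text):
    """'1.2.0-rc2' -> sortable tuple; a final release sorts after its own rcs."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?(?:[+-].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised runc version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else float("inf"))

def is_affected(version):
    """Ranges from the description: <= 1.1.13, and 1.2.0 release candidates <= rc2."""
    v = parse_version(version)
    return v <= (1, 1, 13, float("inf")) or (1, 2, 0, 0) <= v <= (1, 2, 0, 2)

def has_userns(cfg):
    return any(ns.get("type") == "user" for ns in cfg.get("linux", {}).get("namespaces", []))

def shared_bind_sources(configs):
    """configs maps container name -> parsed OCI config.json (runtime-spec fields)."""
    users = defaultdict(set)
    for name, cfg in configs.items():
        for mount in cfg.get("mounts", []):
            opts = mount.get("options", [])
            if mount.get("type") == "bind" or {"bind", "rbind"} & set(opts):
                users[mount["source"]].add(name)
    return [
        {"source": src, "containers": sorted(names),
         "without_userns": sorted(n for n in names if not has_userns(configs[n]))}
        for src, names in sorted(users.items()) if len(names) > 1
    ]

# Constructed sample data: three containers, two sharing one host directory.
SAMPLE = {
    "web": {"mounts": [{"destination": "/data", "type": "bind",
                        "source": "/srv/shared", "options": ["rbind", "rw"]}],
            "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}]}},
    "worker": {"mounts": [{"destination": "/in", "type": "none",
                           "source": "/srv/shared", "options": ["bind"]}],
               "linux": {"namespaces": [{"type": "mount"}, {"type": "user"}]}},
    "db": {"mounts": [{"destination": "/var/lib/db", "type": "bind",
                       "source": "/srv/db", "options": ["rbind"]}],
           "linux": {"namespaces": [{"type": "mount"}]}},
}

if __name__ == "__main__":
    print({v: is_affected(v) for v in ("1.1.13", "1.1.14", "1.2.0-rc2", "1.2.0")})
    print(shared_bind_sources(SAMPLE))
```

Containers listed under `without_userns` are the ones where, per the description, the scope for creating inodes on the host is not reduced by a user namespace.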

