CVE-2024-21626 Vulnerability Fix Description

Last updated: 2024-05-27 16:04:09

    Vulnerability Details

    Agent: runc
    Vulnerability Name: runc Container Escape Vulnerability
    CVE No.: CVE-2024-21626
    Impact: This vulnerability could compromise the isolation layer between the container and the host operating system, allowing attackers to access host files or execute binary programs without authorization. For details, see Community Explanation and Fix Suggestions.

    Scope of Impact

    Runtime engines that use runc versions between 1.0.0-rc.93 and 1.1.11.
    Note:
    Preliminary verification indicates that exploiting this vulnerability requires kernel support for the openat2 system call (kernel version 5.6 and later). The affected node operating system distributions currently identified include Ubuntu 22.04 LTS and Red Hat Enterprise Linux 8.6. This vulnerability has not been reproduced on other operating system distributions. We are continuously following up.

    Fix Method

    1. New TKE clusters and nodes created after February 3, 2024, are not affected by this vulnerability.
    2. For legacy nodes, fix the vulnerability either by running the following command on the machine or by replacing the nodes:
    wget http://static.ccs.tencentyun.com/fix-cve-2024-21626.tar.gz && tar -zxf fix-cve-2024-21626.tar.gz && fix-cve-2024-21626/runc-v1.1.12.sh
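
To check a node before or after applying the fix, the version range given under Scope of Impact can be tested directly. The script below is an added example, not part of this page or of the fix package; the function names `runc_version_from_output` and `runc_is_affected` and the sample output are assumptions made for illustration.

```shell
# Added example (not part of the TKE fix package): classify a runc version
# against the range the advisory lists as affected, 1.0.0-rc.93 to 1.1.11.

# Read `runc --version` output on stdin, print the version token.
runc_version_from_output() {
    sed -n 's/^runc version[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Return 0 if affected, 1 if outside the range, 2 if unparseable.
runc_is_affected() {
    v=${1#v}
    v=${v%%+*}            # drop build metadata, e.g. "+dev"
    core=${v%%[-~]*}      # "1.1.7" from "1.1.7-0ubuntu1~22.04.1"
    case $core in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) return 2 ;;
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    rc=""
    case $v in
        *-rc*)            # accept both "rc93" and "rc.93"
            rc=${v#*-rc}; rc=${rc#.}; rc=${rc%%[!0-9]*}
            [ -n "$rc" ] || return 2 ;;
    esac
    [ "$major" -eq 1 ] || return 1
    if [ "$minor" -eq 0 ]; then
        # Only 1.0.0 release candidates before rc93 fall below the range.
        if [ "$patch" -eq 0 ] && [ -n "$rc" ] && [ "$rc" -lt 93 ]; then
            return 1
        fi
        return 0
    fi
    # 1.1.x is affected through 1.1.11.
    [ "$minor" -eq 1 ] && [ "$patch" -le 11 ] && return 0
    return 1
}

# Constructed sample of `runc --version` output, so this runs offline;
# on a node, pipe the real command into runc_version_from_output instead.
sample='runc version 1.1.11
spec: 1.0.2-dev'
ver=$(printf '%s\n' "$sample" | runc_version_from_output)
if runc_is_affected "$ver"; then
    echo "runc $ver: inside the affected range"
else
    echo "runc $ver: outside the affected range or unparseable"
fi
```

A return status of 2 means the version string could not be parsed and should be checked by hand rather than treated as safe.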
    
    