tencent cloud

CVE-2024-21626 Vulnerability Fix Description

Last updated: 2024-05-27 16:04:09

    Vulnerability Details

    Agent: runc
    Vulnerability Name: runc Container Escape Vulnerability
    CVE No.: CVE-2024-21626
    Impact: This vulnerability could compromise the isolation layer between the container and the host operating system, allowing attackers to access host files or execute binary programs without authorization. For details, see Community Explanation and Fix Suggestions.

    Scope of Impact

    Runtime engines that use runc versions between 1.0.0-rc.93 and 1.1.11.
    Note:
    Preliminary verification indicates that exploiting this vulnerability requires kernel support for the openat2 system call (kernel version 5.6 and later). The affected node operating system distributions currently identified include Ubuntu 22.04 LTS and Red Hat Enterprise Linux 8.6. This vulnerability has not been reproduced on other operating system distributions. We are continuously following up.

    Fix Method

    1. New TKE clusters and nodes created after February 3, 2024, are not affected by this vulnerability.
    2. For existing (legacy) nodes, you can fix the vulnerability either by executing the following command on the machine or by replacing the nodes:
    wget http://static.ccs.tencentyun.com/fix-cve-2024-21626.tar.gz && tar -zxf fix-cve-2024-21626.tar.gz && fix-cve-2024-21626/runc-v1.1.12.sh
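To find which existing nodes fall inside the scope above, and to confirm the runc version after the fix, the stated range can be turned into a check. This script is an added example, not part of the original page or of Tencent Cloud's fix script; the function names and verdict strings are illustrative, and it assumes `runc --version` prints a `runc version X.Y.Z` line.

```shell
#!/bin/sh
# Added example, not Tencent Cloud's fix script. Names and verdict strings are
# illustrative. Scope from the page: runc 1.0.0-rc.93 to 1.1.11, kernel >= 5.6.

# ver_key X.Y.Z[-rc.N]: print an integer that sorts a release candidate before
# the final release of the same X.Y.Z. Assumes three numeric components.
ver_key() {
    v=${1#v}
    case $v in
        *-rc*) rc=${v##*-rc}; rc=${rc#.}; rc=${rc%%[!0-9]*} ;;
        *)     rc=999 ;;
    esac
    base=${v%%[-+]*}
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    echo $(( (($major * 1000 + $minor) * 1000 + $patch) * 1000 + ${rc:-0} ))
}

# runc_in_scope VERSION: exit 0 when VERSION lies in the affected range.
runc_in_scope() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key 1.0.0-rc.93)" ] && [ "$k" -le "$(ver_key 1.1.11)" ]
}

# kernel_at_least_5_6 RELEASE: exit 0 for a `uname -r` string of 5.6 or later.
kernel_at_least_5_6() {
    kmaj=${1%%.*}; krest=${1#*.}; kmin=${krest%%[!0-9]*}
    [ "$kmaj" -gt 5 ] || { [ "$kmaj" -eq 5 ] && [ "${kmin:-0}" -ge 6 ]; }
}

# node_status RUNC_VERSION KERNEL_RELEASE: print a verdict. A release number
# below 5.6 is reported separately, not as safe, because distribution kernels
# can backport system calls.
node_status() {
    if ! runc_in_scope "$1"; then echo "not-affected"
    elif kernel_at_least_5_6 "$2"; then echo "affected"
    else echo "runc-in-range-kernel-below-5.6"
    fi
}

# Live check on a node: sh check-runc.sh --check
if [ "${1:-}" = "--check" ]; then
    ver=$(runc --version 2>/dev/null | awk '/^runc version/ {print $3}')
    [ -n "$ver" ] || { echo "runc not found" >&2; exit 2; }
    node_status "$ver" "$(uname -r)"
fi
```

A node that reports `not-affected` after the fix command has moved out of the affected runc range; the version comparison treats `1.0.0-rc.92` as older than `1.0.0-rc.93` and `1.0.0`, which a plain string or `sort -V` comparison does not guarantee.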
    
    