runc container breakout through process.cwd trickery and leaked fds

Summary

CVECVE-2024-21626
StatePUBLISHED
AssignerGitHub_M
Source PriorityCVE Program / NVD first with legacy fallback
Published2024-01-31 22:15:53 UTC
Updated2026-07-15 02:17:09 UTC
Descriptionrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Risk And Classification

Primary CVSS: v3.1 8.6 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.180870000 probability, percentile 0.968400000 (date 2026-07-01)

Problem Types: CWE-403 | CWE-668 | CWE-200 | CWE-403 CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | CWE-668 CWE-668: Exposure of Resource to Wrong Sphere | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor


VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary8.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1ADPCVSS8.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1[email protected]Secondary8.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.10b0ca135-0b70-47e7-9f44-1890c2a1c46cSecondary8.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1CNADECLARED8.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Fedoraproject Fedora 39 All All All
Application Linuxfoundation Runc All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Opencontainers Runc affected >=v1.0.0-rc93, < 1.1.12 Not specified
ADP Red Hat OCP-Tools-4.15-RHEL-8 unaffected 0:2.440.3.1718879390-3.el8 * rpm Not specified
ADP Red Hat OCP-Tools-4.15-RHEL-8 unaffected 0:4.15.1718879538-1.el8 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 7 Extras unaffected 0:1.0.0-70.rc10.el7_9 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 7 Extras unaffected 2:1.13.1-210.git7d71120.el7_9 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8 unaffected 8090020240201111813.d7b6f4b7 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8 unaffected 8090020240201111839.d7b6f4b7 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support unaffected 8020020240206120705.28c38760 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service unaffected 8020020240206120705.28c38760 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions unaffected 8020020240206120705.28c38760 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support unaffected 8040020240207051234.c0c392d5 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service unaffected 8040020240207051234.c0c392d5 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions unaffected 8040020240207051234.c0c392d5 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support unaffected 8060020240205133014.3b538bd8 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support unaffected 8060020240206151655.3b538bd8 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support unaffected 8080020240206143933.0f77c1b7 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 9 unaffected 4:1.1.12-1.el9_3 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support unaffected 4:1.1.12-1.el9_0 * rpm Not specified
ADP Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support unaffected 4:1.1.12-1.el9_2 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.11 unaffected 3:1.1.2-3.1.rhaos4.11.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.12 unaffected 3:1.1.6-5.1.rhaos4.12.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.12 unaffected v4.12.0-202503030130.p0.g7c2a284.assembly.stream.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.13 unaffected 4:1.1.12-1.rhaos4.13.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.13 unaffected v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.14 unaffected 4:1.1.12-1.rhaos4.14.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.14 unaffected v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.14 unaffected 0:4.14.42-202411280904.p0.gcf4d04f.assembly.4.14.42.el9 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.15 unaffected v4.15.0-202502171304.p0.gb74eb6d.assembly.stream.el8 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.15 unaffected 0:4.15.41-202412091343.p0.gcf9680e.assembly.4.15.41.el9 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.16 unaffected 0:4.16.24-202411220522.p0.gcc4fedc.assembly.4.16.24.el9 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.16 unaffected v4.16.0-202501160405.p0.g300d9ad.assembly.stream.el9 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.17 unaffected 0:4.17.7-202411280904.p0.g129334d.assembly.4.17.7.el9 * rpm Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.17 unaffected v4.17.0-202501052337.p0.gbb33e13.assembly.stream.el9 * rpm Not specified
ADP Red Hat OpenShift Developer Tools And Services Not specified Not specified
ADP Red Hat OpenShift Developer Tools And Services Not specified Not specified
ADP Red Hat Power Monitoring For Red Hat OpenShift Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 9 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
ADP Red Hat Red Hat Quay 3 Not specified Not specified

References

ReferenceSourceLinkTags
access.redhat.com/security/cve/CVE-2024-21626 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2025:0650 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626 af854a3a-2127-422b-91ae-364da2661108 www.vicarius.io
security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json 0b0ca135-0b70-47e7-9f44-1890c2a1c46c security.access.redhat.com
access.redhat.com/errata/RHSA-2024:0717 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0662 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0666 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
lists.debian.org/debian-lts-announce/2024/02/msg00005.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org
access.redhat.com/errata/RHSA-2025:0115 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
oss-security - Re: Re: runc: CVE-2024-21626: high severity container breakout attack af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List
access.redhat.com/errata/RHSA-2024:0645 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escal... af854a3a-2127-422b-91ae-364da2661108 packetstormsecurity.com Exploit, Third Party Advisory, VDB Entry
access.redhat.com/errata/RHSA-2024:0760 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0764 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0758 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0752 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0756 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
bugzilla.redhat.com/show_bug.cgi 0b0ca135-0b70-47e7-9f44-1890c2a1c46c bugzilla.redhat.com
access.redhat.com/errata/RHSA-2024:10841 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
Merge pull request from GHSA-xr7r-f8xq-vfvv · opencontainers/runc@0212048 · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Patch
access.redhat.com/errata/RHSA-2024:10525 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:10520 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2025:2441 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
lists.fedoraproject.org/archives/list/[email protected]/messag... af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Mailing List
access.redhat.com/errata/RHSA-2025:2710 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0759 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0757 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0755 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
oss-security - Re: runc: CVE-2024-21626: high severity container breakout attack af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List
access.redhat.com/errata/RHSA-2024:0670 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:0684 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2025:2701 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2025:1711 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
lists.fedoraproject.org/archives/list/[email protected]/messag... af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org
access.redhat.com/errata/RHSA-2024:4597 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
Release runc 1.1.12 -- "Now you're thinking with Portals™!" · opencontainers/runc · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Release Notes
access.redhat.com/errata/RHSA-2024:1270 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
several container breakouts due to internally leaked fds · Advisory · opencontainers/runc · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Exploit, Vendor Advisory
access.redhat.com/errata/RHSA-2024:0748 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2024:10149 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Additional Advisory Data

SourceTimeEvent
ADP2024-01-17T00:00:00.000ZReported to Red Hat.
ADP2024-01-31T20:01:00.000ZMade public.

Solutions

ADP: RHSA-2024:1270: Red Hat Enterprise Linux 7 Extras

ADP: RHSA-2024:0717: Red Hat Enterprise Linux 7 Extras

ADP: RHSA-2024:4597: OpenShift Developer Tools and Services for OCP 4.15

ADP: RHSA-2024:0684: Red Hat OpenShift Container Platform 4.11

ADP: RHSA-2025:2441: Red Hat OpenShift Container Platform 4.12

ADP: RHSA-2024:0666: Red Hat OpenShift Container Platform 4.12

ADP: RHSA-2025:2701: Red Hat OpenShift Container Platform 4.13

ADP: RHSA-2024:0662: Red Hat OpenShift Container Platform 4.13

ADP: RHSA-2025:2710: Red Hat OpenShift Container Platform 4.14

ADP: RHSA-2024:0645: Red Hat OpenShift Container Platform 4.14

ADP: RHSA-2025:1711: Red Hat OpenShift Container Platform 4.15

ADP: RHSA-2024:10525: Red Hat OpenShift Container Platform 4.14

ADP: RHSA-2024:10841: Red Hat OpenShift Container Platform 4.15

ADP: RHSA-2024:10149: Red Hat OpenShift Container Platform 4.16

ADP: RHSA-2025:0650: Red Hat OpenShift Container Platform 4.16

ADP: RHSA-2024:10520: Red Hat OpenShift Container Platform 4.17

ADP: RHSA-2025:0115: Red Hat OpenShift Container Platform 4.17

ADP: RHSA-2024:0758: Red Hat Enterprise Linux AppStream AUS (v. 8.2), Red Hat Enterprise Linux AppStream E4S (v. 8.2), Red Hat Enterprise Linux AppStream TUS (v. 8.2)

ADP: RHSA-2024:0760: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream E4S (v.8.4), Red Hat Enterprise Linux AppStream TUS (v.8.4)

ADP: RHSA-2024:0757: Red Hat Enterprise Linux AppStream EUS (v.8.6)

ADP: RHSA-2024:0764: Red Hat Enterprise Linux AppStream EUS (v.8.6)

ADP: RHSA-2024:0759: Red Hat Enterprise Linux AppStream EUS (v.8.8)

ADP: RHSA-2024:0748: Red Hat Enterprise Linux AppStream (v. 8)

ADP: RHSA-2024:0752: Red Hat Enterprise Linux AppStream (v. 8)

ADP: RHSA-2024:0756: Red Hat Enterprise Linux AppStream EUS (v.9.0)

ADP: RHSA-2024:0755: Red Hat Enterprise Linux AppStream EUS (v.9.2)

ADP: RHSA-2024:0670: Red Hat Enterprise Linux AppStream (v. 9)

Workarounds

ADP: Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the 'RUN' and 'WORKDIR' directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.

Legacy QID Mappings

  • 161335 Oracle Enterprise Linux Security Update for runc (ELSA-2024-0670)
  • 161340 Oracle Enterprise Linux Security Update for runc (ELSA-2024-17931)
  • 161341 Oracle Enterprise Linux Security Update for runc (ELSA-2024-12148)
  • 161353 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2024-0752)
  • 161356 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2024-0748)
  • 200090 Ubuntu Security Notification for runC Vulnerability (USN-6619-1)
  • 242818 Red Hat Update for runc (RHSA-2024:0670)
  • 242889 Red Hat Update for runc (RHSA-2024:0717)
  • 242891 Red Hat Update for container-tools:rhel8 (RHSA-2024:0752)
  • 242892 Red Hat Update for container-tools:2.0 (RHSA-2024:0758)
  • 242893 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0662)
  • 242894 Red Hat Update for container-tools:4.0 (RHSA-2024:0748)
  • 242897 Red Hat Update for container-tools:3.0 (RHSA-2024:0760)
  • 242898 Red Hat Update for runc (RHSA-2024:0756)
  • 242899 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2024:0666)
  • 242900 Red Hat Update for container-tools:rhel8 (RHSA-2024:0759)
  • 242902 Red Hat Update for container-tools:4.0 (RHSA-2024:0757)
  • 242904 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0645)
  • 242905 Red Hat Update for container-tools:rhel8 (RHSA-2024:0764)
  • 242907 Red Hat Update for runc (RHSA-2024:0755)
  • 242909 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2024:0684)
  • 243056 Red Hat Update for docker (RHSA-2024:1270)
  • 284908 Fedora Security Update for runc (FEDORA-2024-9044c9eefa)
  • 285005 Fedora Security Update for runc (FEDORA-2024-900dc7f6ff)
  • 357062 Amazon Linux Security Advisory for runc : ALAS2ECS-2024-033
  • 357063 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2024-036
  • 357064 Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2024-036
  • 357065 Amazon Linux Security Advisory for runc : ALAS2023-2024-501
  • 357066 Amazon Linux Security Advisory for runc : ALAS-2024-1911
  • 379336 Docker and runc container breakout Vulnerability (Leaky Vessels) (GHSA-xr7r-f8xq-vfvv)
  • 379337 Docker Desktop Runc and BuildKit Vulnerability
  • 379338 Docker Engine Runc and BuildKit Multiple Vulnerabilities
  • 379341 Alibaba Cloud Linux Security Update for runc (ALINUX3-SA-2024:0015)
  • 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
  • 510703 Alpine Linux Security Update for runc
  • 6000469 Debian Security Update for runc (DSA 5615-1)
  • 6000482 Debian Security Update for runc (DLA 3735-1)
  • 6140326 AWS Bottlerocket Security Update for runc (GHSA-gvfx-46w7-j3xv)
  • 673388 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1234)
  • 674075 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1212)
  • 674125 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1483)
  • 674131 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1504)
  • 755685 SUSE Enterprise Linux Security Update for runc (SUSE-SU-2024:0295-1)
  • 755746 SUSE Enterprise Linux Security Update for runc (SUSE-SU-2024:0459-1)
  • 770228 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0662)
  • 770229 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2024:0666)
  • 770230 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0645)
  • 770231 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2024:0684)
  • 907848 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (34087-1)
  • 907932 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (34075)
  • 907943 Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (34060)
  • 907949 Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (34074)
  • 907960 Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (34074-1)
  • 907974 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (34075-1)
  • 907986 Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (34060-1)
  • 941569 AlmaLinux Security Update for runc (ALSA-2024:0670)
  • 941572 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2024:0752)
  • 941573 AlmaLinux Security Update for container-tools:4.0 (ALSA-2024:0748)
  • 961114 Rocky Linux Security Update for container-tools:rhel8 (RLSA-2024:0752)
  • 997036 GO (Go) Security Update for github.com/opencontainers/runc (GHSA-xr7r-f8xq-vfvv)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report