runc container breakout through process.cwd trickery and leaked fds
Summary
| CVE | CVE-2024-21626 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-31 22:15:53 UTC |
| Updated | 2026-07-15 02:17:09 UTC |
| Description | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |
Risk And Classification
Primary CVSS: v3.1 8.6 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.180870000 probability, percentile 0.968400000 (date 2026-07-01)
Problem Types: CWE-403 | CWE-668 | CWE-200 | CWE-403 CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | CWE-668 CWE-668: Exposure of Resource to Wrong Sphere | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | ADP | CVSS | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | [email protected] | Secondary | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
| Application | Linuxfoundation | Runc | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Opencontainers | Runc | affected >=v1.0.0-rc93, < 1.1.12 | Not specified |
| ADP | Red Hat | OCP-Tools-4.15-RHEL-8 | unaffected 0:2.440.3.1718879390-3.el8 * rpm | Not specified |
| ADP | Red Hat | OCP-Tools-4.15-RHEL-8 | unaffected 0:4.15.1718879538-1.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 Extras | unaffected 0:1.0.0-70.rc10.el7_9 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 Extras | unaffected 2:1.13.1-210.git7d71120.el7_9 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | unaffected 8090020240201111813.d7b6f4b7 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | unaffected 8090020240201111839.d7b6f4b7 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | unaffected 8020020240206120705.28c38760 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | unaffected 8020020240206120705.28c38760 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions | unaffected 8020020240206120705.28c38760 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | unaffected 8040020240207051234.c0c392d5 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | unaffected 8040020240207051234.c0c392d5 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions | unaffected 8040020240207051234.c0c392d5 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | unaffected 8060020240205133014.3b538bd8 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | unaffected 8060020240206151655.3b538bd8 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | unaffected 8080020240206143933.0f77c1b7 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | unaffected 4:1.1.12-1.el9_3 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | unaffected 4:1.1.12-1.el9_0 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | unaffected 4:1.1.12-1.el9_2 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.11 | unaffected 3:1.1.2-3.1.rhaos4.11.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.12 | unaffected 3:1.1.6-5.1.rhaos4.12.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.12 | unaffected v4.12.0-202503030130.p0.g7c2a284.assembly.stream.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected 4:1.1.12-1.rhaos4.13.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected 4:1.1.12-1.rhaos4.14.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected 0:4.14.42-202411280904.p0.gcf4d04f.assembly.4.14.42.el9 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected v4.15.0-202502171304.p0.gb74eb6d.assembly.stream.el8 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected 0:4.15.41-202412091343.p0.gcf9680e.assembly.4.15.41.el9 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected 0:4.16.24-202411220522.p0.gcc4fedc.assembly.4.16.24.el9 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected v4.16.0-202501160405.p0.g300d9ad.assembly.stream.el9 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected 0:4.17.7-202411280904.p0.g129334d.assembly.4.17.7.el9 * rpm | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected v4.17.0-202501052337.p0.gbb33e13.assembly.stream.el9 * rpm | Not specified |
| ADP | Red Hat | OpenShift Developer Tools And Services | Not specified | Not specified |
| ADP | Red Hat | OpenShift Developer Tools And Services | Not specified | Not specified |
| ADP | Red Hat | Power Monitoring For Red Hat OpenShift | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Virtualization 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/security/cve/CVE-2024-21626 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:0650 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626 | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | |
| security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0717 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0662 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0666 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| lists.debian.org/debian-lts-announce/2024/02/msg00005.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| access.redhat.com/errata/RHSA-2025:0115 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| oss-security - Re: Re: runc: CVE-2024-21626: high severity container breakout attack | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2024:0645 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escal... | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| access.redhat.com/errata/RHSA-2024:0760 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0764 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0758 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0752 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0756 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| access.redhat.com/errata/RHSA-2024:10841 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| Merge pull request from GHSA-xr7r-f8xq-vfvv · opencontainers/runc@0212048 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| access.redhat.com/errata/RHSA-2024:10525 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:10520 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:2441 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| access.redhat.com/errata/RHSA-2025:2710 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0759 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0757 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0755 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| oss-security - Re: runc: CVE-2024-21626: high severity container breakout attack | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2024:0670 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:0684 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:2701 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:1711 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| access.redhat.com/errata/RHSA-2024:4597 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| Release runc 1.1.12 -- "Now you're thinking with Portals™!" · opencontainers/runc · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| access.redhat.com/errata/RHSA-2024:1270 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| several container breakouts due to internally leaked fds · Advisory · opencontainers/runc · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Vendor Advisory |
| access.redhat.com/errata/RHSA-2024:0748 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:10149 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2024-01-17T00:00:00.000Z | Reported to Red Hat. |
| ADP | 2024-01-31T20:01:00.000Z | Made public. |
Solutions
ADP: RHSA-2024:1270: Red Hat Enterprise Linux 7 Extras
ADP: RHSA-2024:0717: Red Hat Enterprise Linux 7 Extras
ADP: RHSA-2024:4597: OpenShift Developer Tools and Services for OCP 4.15
ADP: RHSA-2024:0684: Red Hat OpenShift Container Platform 4.11
ADP: RHSA-2025:2441: Red Hat OpenShift Container Platform 4.12
ADP: RHSA-2024:0666: Red Hat OpenShift Container Platform 4.12
ADP: RHSA-2025:2701: Red Hat OpenShift Container Platform 4.13
ADP: RHSA-2024:0662: Red Hat OpenShift Container Platform 4.13
ADP: RHSA-2025:2710: Red Hat OpenShift Container Platform 4.14
ADP: RHSA-2024:0645: Red Hat OpenShift Container Platform 4.14
ADP: RHSA-2025:1711: Red Hat OpenShift Container Platform 4.15
ADP: RHSA-2024:10525: Red Hat OpenShift Container Platform 4.14
ADP: RHSA-2024:10841: Red Hat OpenShift Container Platform 4.15
ADP: RHSA-2024:10149: Red Hat OpenShift Container Platform 4.16
ADP: RHSA-2025:0650: Red Hat OpenShift Container Platform 4.16
ADP: RHSA-2024:10520: Red Hat OpenShift Container Platform 4.17
ADP: RHSA-2025:0115: Red Hat OpenShift Container Platform 4.17
ADP: RHSA-2024:0758: Red Hat Enterprise Linux AppStream AUS (v. 8.2), Red Hat Enterprise Linux AppStream E4S (v. 8.2), Red Hat Enterprise Linux AppStream TUS (v. 8.2)
ADP: RHSA-2024:0760: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream E4S (v.8.4), Red Hat Enterprise Linux AppStream TUS (v.8.4)
ADP: RHSA-2024:0757: Red Hat Enterprise Linux AppStream EUS (v.8.6)
ADP: RHSA-2024:0764: Red Hat Enterprise Linux AppStream EUS (v.8.6)
ADP: RHSA-2024:0759: Red Hat Enterprise Linux AppStream EUS (v.8.8)
ADP: RHSA-2024:0748: Red Hat Enterprise Linux AppStream (v. 8)
ADP: RHSA-2024:0752: Red Hat Enterprise Linux AppStream (v. 8)
ADP: RHSA-2024:0756: Red Hat Enterprise Linux AppStream EUS (v.9.0)
ADP: RHSA-2024:0755: Red Hat Enterprise Linux AppStream EUS (v.9.2)
ADP: RHSA-2024:0670: Red Hat Enterprise Linux AppStream (v. 9)
Workarounds
ADP: Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the 'RUN' and 'WORKDIR' directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.
Legacy QID Mappings
- 161335 Oracle Enterprise Linux Security Update for runc (ELSA-2024-0670)
- 161340 Oracle Enterprise Linux Security Update for runc (ELSA-2024-17931)
- 161341 Oracle Enterprise Linux Security Update for runc (ELSA-2024-12148)
- 161353 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2024-0752)
- 161356 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2024-0748)
- 200090 Ubuntu Security Notification for runC Vulnerability (USN-6619-1)
- 242818 Red Hat Update for runc (RHSA-2024:0670)
- 242889 Red Hat Update for runc (RHSA-2024:0717)
- 242891 Red Hat Update for container-tools:rhel8 (RHSA-2024:0752)
- 242892 Red Hat Update for container-tools:2.0 (RHSA-2024:0758)
- 242893 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0662)
- 242894 Red Hat Update for container-tools:4.0 (RHSA-2024:0748)
- 242897 Red Hat Update for container-tools:3.0 (RHSA-2024:0760)
- 242898 Red Hat Update for runc (RHSA-2024:0756)
- 242899 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2024:0666)
- 242900 Red Hat Update for container-tools:rhel8 (RHSA-2024:0759)
- 242902 Red Hat Update for container-tools:4.0 (RHSA-2024:0757)
- 242904 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0645)
- 242905 Red Hat Update for container-tools:rhel8 (RHSA-2024:0764)
- 242907 Red Hat Update for runc (RHSA-2024:0755)
- 242909 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2024:0684)
- 243056 Red Hat Update for docker (RHSA-2024:1270)
- 284908 Fedora Security Update for runc (FEDORA-2024-9044c9eefa)
- 285005 Fedora Security Update for runc (FEDORA-2024-900dc7f6ff)
- 357062 Amazon Linux Security Advisory for runc : ALAS2ECS-2024-033
- 357063 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2024-036
- 357064 Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2024-036
- 357065 Amazon Linux Security Advisory for runc : ALAS2023-2024-501
- 357066 Amazon Linux Security Advisory for runc : ALAS-2024-1911
- 379336 Docker and runc container breakout Vulnerability (Leaky Vessels) (GHSA-xr7r-f8xq-vfvv)
- 379337 Docker Desktop Runc and BuildKit Vulnerability
- 379338 Docker Engine Runc and BuildKit Multiple Vulnerabilities
- 379341 Alibaba Cloud Linux Security Update for runc (ALINUX3-SA-2024:0015)
- 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
- 510703 Alpine Linux Security Update for runc
- 6000469 Debian Security Update for runc (DSA 5615-1)
- 6000482 Debian Security Update for runc (DLA 3735-1)
- 6140326 AWS Bottlerocket Security Update for runc (GHSA-gvfx-46w7-j3xv)
- 673388 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1234)
- 674075 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1212)
- 674125 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1483)
- 674131 EulerOS Security Update for docker-runc (EulerOS-SA-2024-1504)
- 755685 SUSE Enterprise Linux Security Update for runc (SUSE-SU-2024:0295-1)
- 755746 SUSE Enterprise Linux Security Update for runc (SUSE-SU-2024:0459-1)
- 770228 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0662)
- 770229 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2024:0666)
- 770230 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0645)
- 770231 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2024:0684)
- 907848 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (34087-1)
- 907932 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (34075)
- 907943 Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (34060)
- 907949 Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (34074)
- 907960 Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (34074-1)
- 907974 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (34075-1)
- 907986 Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (34060-1)
- 941569 AlmaLinux Security Update for runc (ALSA-2024:0670)
- 941572 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2024:0752)
- 941573 AlmaLinux Security Update for container-tools:4.0 (ALSA-2024:0748)
- 961114 Rocky Linux Security Update for container-tools:rhel8 (RLSA-2024:0752)
- 997036 GO (Go) Security Update for github.com/opencontainers/runc (GHSA-xr7r-f8xq-vfvv)