# Advisory on CVE-2024-21626

## Container Escape via runc

On January 31, 2024, cybersecurity company Snyk disclosed a vulnerability in all versions of runc, up to and including 1.1.11, which is utilized by the Docker engine and other containerization technologies like Kubernetes.

The runc application is used for spawning and running containers on Linux. The vulnerability enables attackers to escape the container by executing a malicious image or by building an image using a malicious Dockerfile or an upstream image.

The CVE ID [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) is assigned to this vulnerability. It has a **High** severity rating, with a Common Vulnerability Scoring System (CVSS) score of **8.6**. For more information about the technical details of the vulnerability, see the official [runc advisory](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) and the [analysis by Snyk](https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/).

## Impacted IONOS Cloud products

| Product Ranges | Product                                                            | Impacted | Mitigated | Patch Status |
| -------------- | ------------------------------------------------------------------ | -------- | --------- | ------------ |
| Containers     | [Managed Kubernetes](/cloud/containers/managed-kubernetes.md)      | Yes      | Yes       | Done         |

## What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We own the patching responsibilities and have already completed patching to update runc to version 1.1.12.

## What action can you take to mitigate the vulnerability?

As a best practice, ensure that Docker images use trusted and verified sources. No patching is required from your end.

## How can I get help?

If you have further questions or concerns about this vulnerability, contact [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).

