Advisory on CVE-2024-21626

Container Escape via runc

On January 31, 2024, cybersecurity company Snyk disclosed a vulnerability in all versions of runc, up to and including 1.1.11, which is utilized by the Docker engine and other containerization technologies like Kubernetes.

The runc application is used for spawning and running containers on Linux. The vulnerability enables container escape for attackers who execute a malicious image or build an image using a malicious Dockerfile or an upstream image.

The vulnerability is assigned the CVE ID CVE-2024-21626 and is rated High severity, with a Common Vulnerability Scoring System (CVSS) score of 8.6. For more information about the technical details of the vulnerability, see the official runc advisory and the analysis by Snyk.

Impacted IONOS Cloud Products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
| --- | --- | --- | --- | --- |
| Managed Services | Managed Kubernetes | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We own the patching responsibilities and have already completed patching to update runc to version 1.1.12.

What action can IONOS customers take to mitigate the vulnerability?

As a best practice, ensure that Docker images come from trusted and verified sources. No patching is required from your end.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
