Advisory on CVE-2024-21626
Container Escape via runc
On January 31, 2024, cybersecurity company Snyk disclosed a vulnerability in all versions of runc, up to and including 1.1.11, which is utilized by the Docker engine and other containerization technologies like Kubernetes.
The runc application is used for spawning and running containers on Linux. The vulnerability enables a container escape for attackers who execute a malicious image or build an image using a malicious Dockerfile or upstream image.
This vulnerability is assigned the CVE ID CVE-2024-21626 and is rated High severity, with a Common Vulnerability Scoring System (CVSS) score of 8.6. For more information about the technical details of the vulnerability, see the official runc advisory and the analysis by Snyk.
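For hosts you operate yourself, the affected range stated above (up to and including 1.1.11, fixed in 1.1.12) can be checked against the local runc binary. The script below is an added example, not part of the IONOS advisory; it assumes the first line of `runc --version` has the form `runc version X.Y.Z`, and the sample strings in it are constructed.

```shell
#!/bin/sh
# Added example: classify a runc version against the range in this advisory.
FIXED="1.1.12"   # first version that is not affected, per the advisory

# Print "X.Y.Z" from the first line of `runc --version` output.
# Suffixes such as "-rc.1" or a distro revision are ignored.
parse_runc_version() {
  printf '%s\n' "$1" |
    sed -n '1s/^runc version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed (exit status 0) if version $1 is numerically lower than version $2.
version_lt() {
  old_ifs=$IFS; IFS=.
  set -- $1 $2            # split both into: a1 a2 a3 b1 b2 b3
  IFS=$old_ifs
  if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
  if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
  [ "$3" -lt "$6" ]
}

# Print "affected", "patched" or "unknown" for the given version output.
check_runc() {
  v=$(parse_runc_version "$1")
  if [ -z "$v" ]; then
    echo "unknown"
  elif version_lt "$v" "$FIXED"; then
    echo "affected"
  else
    echo "patched"
  fi
}

# Constructed sample outputs (not captured from a real host).
sample_old='runc version 1.1.11
spec: 1.0.2-dev'
sample_new='runc version 1.1.12
spec: 1.0.2-dev'

echo "sample_old: $(check_runc "$sample_old")"
echo "sample_new: $(check_runc "$sample_new")"

# On a real host: check_runc "$(runc --version)"
```

The check compares the upstream version number only; a distribution package that backports the fix may still report an older number, so confirm against the package changelog before treating "affected" as final.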
Impacted IONOS Cloud products
Product Ranges | Product | Impacted | Mitigated | Patch Status |
---|---|---|---|---|
Containers | Yes | Yes | Done |
What action has IONOS Cloud taken to mitigate the severity?
IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We own the patching responsibilities and have already completed patching by updating runc to version 1.1.12.
What action can you take to mitigate the vulnerability?
As a best practice, ensure that Docker images use trusted and verified sources. No patching is required from your end.
How can I get help?
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.