# Advisory on CVE-2024-21626

## Container Escape via runc

On January 31, 2024, cybersecurity company Snyk disclosed a vulnerability affecting all versions of runc up to and including 1.1.11. runc is used by the Docker engine and other containerization technologies like Kubernetes.

The runc application is used for spawning and running containers on Linux. The vulnerability allows an attacker to escape the container when a malicious image is executed, or when an image is built using a malicious Dockerfile or an upstream image.

The CVE ID [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) is assigned to this vulnerability. It is rated **High** severity, with a Common Vulnerability Scoring System (CVSS) score of **8.6**. For more information about the technical details of the vulnerability, see the official [runc advisory](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) and the [analysis by Snyk](https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/).

## Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
| -------------- | ------- | -------- | --------- | ------------ |
| Containers     | [Managed Kubernetes](https://docs.ionos.com/sections-test/guides/containers/managed-kubernetes) | Yes | Yes | Done |

## What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We own the patching responsibilities and have already completed patching to update runc to version 1.1.12.

## What action can you take to mitigate the vulnerability?

As a best practice, ensure that Docker images come from trusted and verified sources. No patching is required from your end.

## How can I get help?

If you have further questions or concerns about this vulnerability, contact [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).
