Wind River Support Network

HomeDefectsLIN1021-235
Fixed

LIN1021-235 : Security Advisory - runc-docker - CVE-2021-30465

Created: May 23, 2021    Updated: Aug 24, 2021
Resolved Date: Jul 20, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.3
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

https://nvd.nist.gov/vuln/detail/CVE-2021-30465

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube