CVE-2024-21626

ULN >
Oracle Linux CVE repository >
CVE-2024-21626

CVE Details

Release Date:

2024-01-31

Description

A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.

See more information about CVE-2024-21626 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	8.6	Base Metrics:	AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Access Vector:	Local network	Attack Complexity:	Low
Privileges Required:	None	User Interaction:	Required
Scope:	Changed	Confidentiality Impact:	High
Integrity Impact:	High	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (runc)	ELSA-2024-12148	2024-02-09
Oracle Linux version 7 (runc)	ELSA-2024-17931	2024-02-09
Oracle Linux version 8 (aardvark-dns)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (buildah)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (buildah)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (cockpit-podman)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (cockpit-podman)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (conmon)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (conmon)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (container-selinux)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (container-selinux)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (containernetworking-plugins)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (containernetworking-plugins)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (containers-common)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (containers-common)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (criu)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (criu)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (crun)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (crun)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (fuse-overlayfs)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (fuse-overlayfs)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (libslirp)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (libslirp)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (netavark)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (oci-seccomp-bpf-hook)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (oci-seccomp-bpf-hook)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (podman)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (podman)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (python-podman)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (python-podman)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (runc)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (runc)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (skopeo)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (skopeo)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (slirp4netns)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (slirp4netns)	ELSA-2024-0752	2024-02-14
Oracle Linux version 8 (udica)	ELSA-2024-0748	2024-02-14
Oracle Linux version 8 (udica)	ELSA-2024-0752	2024-02-14
Oracle Linux version 9 (runc)	ELSA-2024-0670	2024-02-05

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691