// For flags

CVE-2021-30465

runc: vulnerable to symlink exchange attack

Severity Score

8.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

runc versiones anteriores a 1.0.0-rc95, permite un Container Filesystem Breakout por medio de un Salto de Directorio. Para explotar la vulnerabilidad, un atacante debe ser capaz de crear varios contenedores con una configuración de montaje bastante específica. El problema ocurre por medio de un ataque de intercambio de enlaces simbólicos que se basa en una condición de carrera

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-08 CVE Reserved
  • 2021-05-19 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
<= 0.1.1
Search vendor "Linuxfoundation" for product "Runc" and version " <= 0.1.1"
-
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc1
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc10
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc2
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc3
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc4
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc5
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc6
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc7
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc8
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc9
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc90
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc91
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc92
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc93
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Runc
Search vendor "Linuxfoundation" for product "Runc"
1.0.0
Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0"
rc94
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected