vulnerability

Oracle Linux: CVE-2021-30465: ELSA-2021-14902: runc security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Published
May 19, 2021
Added
Jun 11, 2021
Modified
Dec 3, 2025

Description

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.

Solutions

oracle-linux-upgrade-buildahoracle-linux-upgrade-buildah-testsoracle-linux-upgrade-cockpit-podmanoracle-linux-upgrade-conmonoracle-linux-upgrade-containernetworking-pluginsoracle-linux-upgrade-containers-commonoracle-linux-upgrade-container-selinuxoracle-linux-upgrade-critoracle-linux-upgrade-criuoracle-linux-upgrade-crunoracle-linux-upgrade-docker-clioracle-linux-upgrade-docker-engineoracle-linux-upgrade-fuse-overlayfsoracle-linux-upgrade-libslirporacle-linux-upgrade-libslirp-develoracle-linux-upgrade-oci-seccomp-bpf-hookoracle-linux-upgrade-podmanoracle-linux-upgrade-podman-catatonitoracle-linux-upgrade-podman-dockeroracle-linux-upgrade-podman-pluginsoracle-linux-upgrade-podman-remoteoracle-linux-upgrade-podman-testsoracle-linux-upgrade-python3-criuoracle-linux-upgrade-python-podman-apioracle-linux-upgrade-runcoracle-linux-upgrade-skopeooracle-linux-upgrade-skopeo-testsoracle-linux-upgrade-slirp4netnsoracle-linux-upgrade-udica

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today