{"vulnerability": "GHSA-XR7R-F8XQ-VFVV", "sightings": [{"uuid": "0c265738-6715-40ad-aa15-31a41205c716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-xr7r-f8xq-vfvv", "type": "seen", "source": "https://gist.github.com/alon710/2797ff918da18cd8efb7dd0b447a880e", "content": "", "creation_timestamp": "2026-01-24T21:32:25.000000Z"}, {"uuid": "3243aacc-6451-4843-919f-f29a986b01ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-XR7R-F8XQ-VFVV", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16539", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21626\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.\n\ud83d\udccf Published: 2024-01-31T21:31:14.391Z\n\ud83d\udccf Modified: 2025-05-15T16:02:34.619Z\n\ud83d\udd17 References:\n1. https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv\n2. https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf\n3. https://github.com/opencontainers/runc/releases/tag/v1.1.12\n4. http://www.openwall.com/lists/oss-security/2024/02/01/1\n5. http://www.openwall.com/lists/oss-security/2024/02/02/3\n6. http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html\n7. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/\n8. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/\n9. https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "creation_timestamp": "2025-05-15T16:35:37.000000Z"}, {"uuid": "92b83bf8-634e-43f4-bf95-c28837917cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-XR7R-F8XQ-VFVV", "type": "seen", "source": "https://t.me/ctinow/177539", "content": "https://ift.tt/p6WuzJI\nCVE-2024-21626 | opencontainers runc up to 1.1.11 on Linux Internal File Descriptor file descriptor (GHSA-xr7r-f8xq-vfvv)", "creation_timestamp": "2024-02-01T12:41:13.000000Z"}]}