OpenShift Container Platform 4.14 update for runc



Published: 2024-02-09 | Updated: 2024-04-19
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-21626
CWE-ID CWE-254
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

spdlog (Red Hat package)
Operating systems & Components / Operating system package or component

runc (Red Hat package)
Operating systems & Components / Operating system package or component

ose-aws-ecr-image-credential-provider (Red Hat package)
Operating systems & Components / Operating system package or component

openstack-ironic-python-agent (Red Hat package)
Operating systems & Components / Operating system package or component

openshift (Red Hat package)
Operating systems & Components / Operating system package or component

crun (Red Hat package)
Operating systems & Components / Operating system package or component

cri-tools (Red Hat package)
Operating systems & Components / Operating system package or component

container-selinux (Red Hat package)
Operating systems & Components / Operating system package or component

kernel-rt (Red Hat package)
Operating systems & Components / Operating system package or component

kernel (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU85991

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2024-21626

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.14.0 - 4.14.10

spdlog (Red Hat package): before 1.13.0-1.rhaos4.14.el9

runc (Red Hat package): before 1.1.12-1.rhaos4.14.el9

ose-aws-ecr-image-credential-provider (Red Hat package): before 4.14.0-202401261353.p0.g607e2dd.assembly.stream.el9

openstack-ironic-python-agent (Red Hat package): before 9.6.1-0.20240103100525.3197b9d.el9

openshift (Red Hat package): before 4.14.0-202401231033.p0.g28ed2d7.assembly.stream.el9

crun (Red Hat package): before 1.14-1.rhaos4.14.el9

cri-tools (Red Hat package): before 1.27.0-3.el9

container-selinux (Red Hat package): before 2.226.0-1.rhaos4.14.el9

kernel-rt (Red Hat package): before 5.14.0-284.50.1.rt14.335.el9_2

kernel (Red Hat package): before 5.14.0-284.50.1.el9_2

External links

http://access.redhat.com/errata/RHSA-2024:0645


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###