Thursday, May 27, 2021

Red Hat OpenShift: CVE-2021-30465: runc: vulnerable to symlink exchange attack

Description
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.
Solution(s)
  • linuxrpm-upgrade-runc


References
  • https://attackerkb.com/topics/cve-2021-30465
  • CVE - 2021-30465
  • RHSA-2021:1562



