CVE-2021-30465 — Mount destinations can be swapped via symlink-exchange to cause mounts outside t

Description

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

How to fix CVE-2021-30465

To remediate CVE-2021-30465, upgrade the affected package to a fixed version below.

—upgrade to 1.0.0~rc93+ds1-5 or later
—upgrade to 1.0.0-rc95 or later
—upgrade to 1.0.0-rc95 or later

Is CVE-2021-30465 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 1.0.0~rc93+ds1-5
from 0, < 1.0.0-rc95
from 0, < 1.0.0-rc95

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-30465
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-30465
WEBbugzilla.opensuse.org/show_bug.cgi?id=1185405
WEBgithub.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f