High severityNVD Advisory· Published May 27, 2021· Updated Aug 3, 2024
CVE-2021-30465
CVE-2021-30465
Description
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/opencontainers/runcGo | < 1.0.0-rc95 | 1.0.0-rc95 |
Affected products
87- runc/runcdescription
- osv-coords86 versionspkg:apk/chainguard/runcpkg:apk/chainguard/runc-docpkg:apk/wolfi/runcpkg:apk/wolfi/runc-docpkg:golang/github.com/opencontainers/runcpkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python-podman-apipkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/udicapkg:rpm/opensuse/containerd&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/containerd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/docker-kubic&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/runc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/runc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/runc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/containerd&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/containerd&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/containerd&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/containerd&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/docker&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/docker&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/docker&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/docker&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/runc&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/runc&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/runc&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/runc&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/runc&distro=SUSE%20Manager%20Server%204.0
< 0+ 85 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.0-rc95
- (no CPE)range: < 11-1.module_el8.5.0+108+00865455
- (no CPE)range: < 2:2.0.15-1.module_el8.5.0+108+00865455
- (no CPE)range: < 0.8.3-4.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 1:0.1.41-4.module_el8.5.0+108+00865455
- (no CPE)range: < 2:2.130.0-1.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 3.12-9.module_el8.3.0+2044+12421f43
- (no CPE)range: < 3.12-9.module_el8.4.0+2496+12421f43
- (no CPE)range: < 0.7.8-1.module_el8.5.0+108+00865455
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.12-9.module_el8.3.0+2044+12421f43
- (no CPE)range: < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 1:0.1.41-4.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 1:0.1.41-4.module_el8.5.0+108+00865455
- (no CPE)range: < 0.4.2-3.git21fdece.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 0.0.7-1.module_el8.5.0+108+00865455
- (no CPE)range: < 0.2.1-2.module_el8.5.0+108+00865455
- (no CPE)range: < 1.4.4-lp152.2.6.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 20.10.6_ce-lp152.2.12.1
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.9_ce-156.1
- (no CPE)range: < 0.0.20250807T150727-1.1
- (no CPE)range: < 1.0.0~rc93-lp152.2.3.1
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.2-1.2
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.11-56.1
- (no CPE)range: < 1.4.11-16.45.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 1.4.4-5.32.1
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.9_ce-156.1
- (no CPE)range: < 20.10.9_ce-98.72.1
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 20.10.6_ce-6.49.3
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.2-23.1
- (no CPE)range: < 1.0.0~rc93-16.11.1
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
- (no CPE)range: < 1.0.0~rc93-1.14.2
Patches
Vulnerability mechanics
References
15- github.com/advisories/GHSA-c3xm-pvg7-gh7rghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2021-30465ghsaADVISORY
- security.gentoo.org/glsa/202107-26ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2021/05/19/2ghsamailing-listWEB
- bugzilla.opensuse.org/show_bug.cgighsaWEB
- github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595fghsaWEB
- github.com/opencontainers/runc/releasesghsaWEB
- github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7rghsaWEB
- lists.debian.org/debian-lts-announce/2023/03/msg00023.htmlghsamailing-listWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHHghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHVghsaWEB
- security.netapp.com/advisory/ntap-20210708-0003ghsaWEB
- security.netapp.com/advisory/ntap-20210708-0003/mitre
News mentions
0No linked articles in our index yet.