Skip to main content

Runc CVE-2021-30465

HIGH
Race Condition (CWE-362)
2021-05-27 cve@mitre.org
8.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 27, 2021 - 13:15 nvd
HIGH 8.5

DescriptionNVD

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

AnalysisAI

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-362. runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. Affected products include: Linuxfoundation Runc, Fedoraproject Fedora. Version information: before 1.0.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Runc

View all
CVE-2024-21626 HIGH POC
8.6

Alpine Linux: runc fixed in 1.1.12-r0

CVE-2025-52565 HIGH POC
8.4 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 8.4

CVE-2019-16884 HIGH POC
7.5 Sep 25

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass beca

CVE-2025-52881 HIGH POC
7.3 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3

CVE-2025-31133 HIGH POC
7.3 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3

CVE-2023-27561 HIGH POC
7.0 Mar 03

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linu

CVE-2023-25809 MEDIUM POC
6.3 Mar 29

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6

CVE-2021-43784 MEDIUM POC
5.0 Dec 06

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severit

CVE-2016-3697 HIGH
7.8 Jun 01

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a po

CVE-2023-28642 HIGH
7.8 Mar 29

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8

CVE-2022-29162 HIGH
7.8 May 17

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity

CVE-2022-24769 MEDIUM
5.9 Mar 24

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi

Share

CVE-2021-30465 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy