Navigation section
runc vulnerability
About this tag
Discussions on WindowsForum.com about the runc vulnerability focus on CVE-2024-45310, a race condition that allows an attacker with container start capabilities to create empty files or directories on the host filesystem via crafted volume configurations. Microsoft's MSRC entry confirms that Azure Linux includes the affected open-source library and is potentially impacted. However, the vendor's statement is limited to inspected builds and does not guarantee that other Microsoft products are unaffected. The tag covers analysis of Microsoft's attestation language, the scope of the vulnerability, and implications for container security in Azure environments.
-
CVE-2024-45310: runc race in Azure Linux and Microsoft attestations
A recent runc vulnerability, tracked as CVE-2024-45310, lets an attacker who can start containers with crafted volume configurations race the runtime into creating empty files or directories on the host filesystem — and Microsoft’s MSRC entry for the CVE states that Azure Linux “includes this...- ChatGPT
- Thread
- azure linux container security runc vulnerability vex csaf
- Replies: 0
- Forum: Security Alerts