Security Advisories: GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp

Talos Linux ships runc vulnerable to the escape to the host attack


Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious image or building an image using a malicious Dockerfile or upstream image (i.e., when using FROM). This issue has been assigned CVE-2024-21626.


The runc runtime was updated to 1.1.12 in Talos v1.5.6 and v1.6.4.


Inspect the workloads running on the cluster to make sure they are not trying to exploit the vulnerability.


Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 28 days ago
Updated: 28 days ago

CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Identifiers: GHSA-g5p6-327m-3fxx

Affected Packages
Versions: < 1.5.6; >= 1.6.0, < 1.6.4
Fixed in: 1.5.6, 1.6.4