3.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-45310

GHSA ID

GHSA-jfvp-7x6p-h2pv

EPSS Score

0.00517%

CWE

CWE-61

Published

9/3/2024

Updated

2/21/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-45310

CVE-2024-45310: runc can be confused to create empty files/directories on the host

Impact

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files will not be truncated.

An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed.

This is exploitable using runc directly as well as through Docker and Kubernetes.

The CVSS score for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (Low severity, 3.6).

Workarounds

Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use /etc/sub[ug]id), this in practice means that an attacker would only be able to create inodes in world-writable directories.

A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though we haven't thoroughly tested to what extent the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack.

Patches

Fixed in runc v1.1.14 and v1.2.0-rc3.

main patches:
- https://github.com/opencontainers/runc/pull/4359
- https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7
release-1.1 patches:
- https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e

Miggo Vulnerability Database

→

CVE-2024-45310

CVE-2024-45310:

3.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-45310

GHSA ID

GHSA-jfvp-7x6p-h2pv

EPSS Score

0.00517%

CWE

CWE-61

Published

9/3/2024

Updated

2/21/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/opencontainers/runc	go	< 1.1.14	1.1.14
github.com/opencontainers/runc	go	>= 1.2.0-rc.1, < 1.2.0-rc.3	1.2.0-rc.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability (CVE-2024-45310) in runc stems from a race condition when using os.MkdirAll and os.OpenFile(O_CREATE) to create directories and files for container mounts and device nodes. An attacker could manipulate symlinks in the path between the security check (e.g., SecureJoin) and the actual filesystem operation, causing runc to create empty files/directories outside the intended container rootfs. The analysis of the provided patches (commits 63c2908164f3a1daea455bf5bcd8d363d70328c7, 8781993968fd964ac723ff5f360b6f259e809a3e, f0b652ea61ff6750a8fcc69865d45a7abf37accf, and 1410a6988d439ed2e17d5860cb95b8e50ed08a81) reveals that the vulnerable functions are those that directly invoked these Go standard library functions on potentially attacker-influenced paths. The patches replace these calls with new utility functions (utils.MkdirAllInRoot, utils.MkdirAllInRootOpen, and system.Mkdirat/unix.Mknodat) that are designed to be safe against such symlink race attacks by operating within the validated rootfs and using file descriptor-based operations where possible.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-45310: runc can be confused to create empty files/directories on the host

Impact

Workarounds

Patches

CVE-2024-45310:

3.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Basic Information

Basic Information

3.6

3.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2024-45310: runc can be confused to create empty files/directories on the host

Impact

Workarounds

Patches

Credits

3.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-45310: runc can be confused to create empty files/directories on the host

Impact

Workarounds

Patches

CVE-2024-45310:

3.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

3.6

3.6

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2024-45310: runc can be confused to create empty files/directories on the host

Impact

Workarounds

Patches

Credits

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI