CVE-2024-45310

一、漏洞信息
 漏洞编号：[CVE-2024-45310](https://nvd.nist.gov/vuln/detail/CVE-2024-45310)
 漏洞归属组件：[runc](https://gitee.com/src-openeuler/runc)
 漏洞归属的版本：1.1.8
 CVSS V3.0分值：
  BaseScore：3.6 Low
  Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
 漏洞简述：
  A vulnerability, which was classified as problematic, has been found in opencontainers runc up to 1.1.13/1.2.0-rc2 (Virtualization Software).Using CWE to declare the problem leads to CWE-363. The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file.Impacted is integrity.Upgrading to version 1.1.14 or 1.2.0-rc.3 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
 漏洞公开时间：2024-09-04 03:15:15
 漏洞创建时间：2024-09-03 14:40:15
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-45310
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://seclists.org/oss-sec/2024/q3/237 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2024-45310 |  |
|  | https://www.mend.io/vulnerability-database/CVE-2024-45310 |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2024-45310 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-45310 |  |
|  | https://github.com/opencontainers/runc |  |
|  | https://cxsecurity.com/cveshow/CVE-2024-45310/ |  |
|  | https://access.redhat.com/security/cve/cve-2024-45310 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/releases/tag/v1.1.14 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/releases/tag/v1.1.14 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/releases/tag/v1.1.14 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-45310 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-45310 |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://access.redhat.com/security/cve/CVE-2024-45310 |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://security-tracker.debian.org/tracker/CVE-2024-45310 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |
|  | https://github.com/opencontainers/runc/pull/4359 |  |
|  | https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv |  |
|  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  |
|  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  |
|  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其他
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| opencontainers/runc |  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7.patch |  | ljqc |
|  |  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  | nvd |
|  |  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  | nvd |
|  |  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  | nvd |
|  |  | https://github.com/opencontainers/runc/pull/4359 |  | nvd |
|  |  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  | snyk |
|  |  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  | snyk |
|  |  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  | snyk |
|  |  | https://github.com/opencontainers/runc/pull/4359 |  | snyk |
|  |  | https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7 |  | osv |
|  |  | https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e |  | osv |
|  |  | https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf |  | osv |
|  |  | https://github.com/opencontainers/runc/pull/4359 |  | osv |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
                  通过在两个容器之间共享卷并利用 os.MkdirAll 的竞争来诱骗在主机文件系统中的任意位置创建空文件或目录，runc 1.1.13 及更早版本以及 1.2.0-rc2 及更早版本。        
 openEuler评分：
  3.6
 Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
 受影响版本排查(受影响/不受影响)：
  1.master:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS-SP1:受影响
4.openEuler-22.03-LTS-SP3:受影响
5.openEuler-22.03-LTS-SP4:受影响
6.openEuler-24.03-LTS:受影响
7.openEuler-24.03-LTS-Next:受影响

修复是否涉及abi变化(是/否)：
  1.master:否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP1:否
4.openEuler-22.03-LTS-SP3:否
5.openEuler-22.03-LTS-SP4:否
6.openEuler-24.03-LTS:否
7.openEuler-24.03-LTS-Next:否

原因说明：
  1.master:
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS:
6.openEuler-24.03-LTS-Next:
7.openEuler-24.03-LTS-SP1:
8.openEuler-24.03-LTS-SP2:

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-2137

src-openEuler/runc

内容风险标识

评论 (12)

src-openEuler/runc .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-45310

评论 (12)

搜索帮助

src-openEuler/runc