Plattform
go
Komponente
github.com/cri-o/cri-o
Behoben in
1.30.1
1.29.5
1.28.7
1.28.7
1.28.7
1.28.7
CVE-2024-5154 describes a high-severity vulnerability in cri-o, a container runtime. A malicious container can exploit this flaw to create a symbolic link named "mtab" on the host's external filesystem, potentially allowing for privilege escalation and host compromise. This vulnerability affects versions of cri-o prior to 1.28.7, and a patch has been released to address the issue.
The core of this vulnerability lies in cri-o's handling of container filesystem operations. A malicious container, if compromised, can leverage this flaw to create a symbolic link named "mtab" on the host's external filesystem. The 'mtab' file typically contains information about mounted filesystems. By creating a symlink with this name, an attacker could potentially manipulate the host's view of mounted filesystems, leading to arbitrary code execution or other unauthorized actions. This could allow an attacker to gain root access to the host system and compromise its data and services. The potential impact is significant, as a successful exploitation could lead to complete host takeover.
CVE-2024-5154 was publicly disclosed on June 14, 2024. The vulnerability's impact is significant due to the potential for host compromise. There is currently no indication of active exploitation campaigns targeting this vulnerability, but the availability of a public CVE suggests that attackers may begin to develop exploits. The EPSS score is likely to be medium, reflecting the vulnerability's severity and potential impact.
Organizations heavily reliant on containerized applications using cri-o are at risk. This includes Kubernetes clusters and environments utilizing cri-o as a container runtime. Specifically, deployments with lenient container isolation policies or those running older, unpatched cri-o versions are particularly vulnerable.
• linux / server:
journalctl -u cri-o -g "symlink creation"• linux / server:
find / -name mtab -type l• linux / server:
ps aux | grep cri-o | grep -i mtabdisclosure
Exploit-Status
EPSS
1.68% (82% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-5154 is to upgrade cri-o to version 1.28.7 or later. If an immediate upgrade is not feasible, consider implementing stricter container isolation measures. This could involve using namespaces and cgroups to limit the container's access to the host filesystem. Reviewing and hardening the container runtime configuration is also crucial. Network policies can be used to restrict container communication. After upgrading, confirm the fix by verifying that the 'mtab' symlink cannot be created within a container.
Actualice cri-o a la versión 1.30.1 o superior, o a las versiones indicadas en los advisories de Red Hat (RHSA-2024:10818, RHSA-2024:3676, RHSA-2024:3700). Esto evitará que contenedores maliciosos creen enlaces simbólicos en el host y accedan a archivos arbitrarios.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-5154 is a high-severity vulnerability in cri-o where a malicious container can create a symlink named 'mtab' on the host, potentially leading to privilege escalation.
You are affected if you are running cri-o versions prior to 1.28.7. Check your version and upgrade immediately.
Upgrade cri-o to version 1.28.7 or later. Consider stricter container isolation policies as an interim measure.
There are currently no known public exploits or active campaigns, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the cri-o project's security advisories for the latest information: https://github.com/cri-o/cri-o/security/advisories
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine go.mod-Datei hoch und wir sagen dir sofort, ob du betroffen bist.