Platform
go
Component
github.com/cri-o/cri-o
Fixed in
1.30.1
1.29.5
1.28.7
1.28.7
1.28.7
1.28.7
CVE-2024-5154 describes a high-severity vulnerability in cri-o, a container runtime. This vulnerability allows a malicious container to create a symbolic link named "mtab" on the host's external filesystem. This action can be exploited to potentially escalate privileges and compromise the underlying host system. The vulnerability affects versions of cri-o prior to 1.28.7, and a patch has been released.
The core of this vulnerability lies in cri-o's insufficient controls over container filesystem operations. A malicious container, if compromised, can leverage this weakness to create a symlink named "mtab" directly on the host's filesystem. The 'mtab' file is a critical system file used by the Linux kernel to manage mounted filesystems. By creating a symlink with this name, an attacker could potentially redirect the kernel to point to a malicious location, allowing them to manipulate the host's filesystem and gain elevated privileges. This could lead to complete host compromise, including data theft, system disruption, and further lateral movement within the network. While the direct impact is privilege escalation, the potential for broader damage is significant.
CVE-2024-5154 was publicly disclosed on June 14, 2024. The vulnerability's impact is considered high due to the potential for privilege escalation. There are currently no known public exploits or active campaigns targeting this vulnerability, but the ease of exploitation makes it a potential target. It is not currently listed on the CISA KEV catalog. The vulnerability's nature, allowing container escape, warrants close monitoring.
Exploit Status
EPSS
1.68% (82% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-5154 is to upgrade cri-o to version 1.28.7 or later. This version includes fixes that prevent the creation of the malicious "mtab" symlink. If upgrading immediately is not feasible, consider implementing stricter container isolation policies to limit the container's access to the host filesystem. This could involve using namespaces and cgroups to restrict the container's ability to create files outside of its designated mount point. Additionally, monitor container activity for suspicious filesystem operations, particularly the creation of symlinks in unexpected locations. After upgrading, verify the fix by attempting to create a symlink named 'mtab' within a container and confirming that the operation is denied.
Actualice cri-o a la versión 1.30.1 o superior, o a las versiones indicadas en los advisories de Red Hat (RHSA-2024:10818, RHSA-2024:3676, RHSA-2024:3700). Esto evitará que contenedores maliciosos creen enlaces simbólicos en el host y accedan a archivos arbitrarios.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-5154 is a high-severity vulnerability in cri-o where a malicious container can create a symlink named 'mtab' on the host, potentially leading to privilege escalation.
You are affected if you are running cri-o versions prior to 1.28.7. Check your version and upgrade immediately.
Upgrade cri-o to version 1.28.7 or later. Consider stricter container isolation policies as an interim measure.
There are currently no known public exploits or active campaigns, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the cri-o project's security advisories for the latest information: https://github.com/cri-o/cri-o/security/advisories
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.