Understanding the runc 1.1.11 Container Escape Bug and How to Secure Your Hosts
The article explains the runc 1.1.11 container‑escape vulnerability (CVE‑2024‑21626), how it lets an attacker break out of a container and obtain host privileges, notes that Huawei Cloud reproduced the exploit in a Docker environment, and provides mitigation guidance including upgrading to runc 1.1.12 and using HSS vulnerability scanning and intrusion‑detection features.
The official runc security advisory discloses a container‑escape vulnerability affecting runc 1.1.11 and earlier versions, which allows an attacker who controls a container's configuration or image to escape the container and obtain host privileges.
What is runc?
runc is the reference CLI tool that creates and runs containers according to the OCI runtime specification. Docker, containerd, CRI‑O, and Podman all sit on top of a low‑level OCI runtime, and runc is the default one for most installations, so a runc bug reaches every container launched through them.
Vulnerability details
The vulnerability (CVE‑2024‑21626) stems from runc leaking an open file descriptor for a host directory (under the host's /sys/fs/cgroup) into the container's init process. If the container's working directory is set to a path under /proc/self/fd/ that resolves to that leaked descriptor (via process.cwd in the OCI config.json, docker run -w, or WORKDIR in a Dockerfile), the process starts with a working directory that lives in the host filesystem namespace, and relative paths such as ../../.. reach host files for reading and writing. The same trick works at docker exec time and during image builds. Public demonstrations use this to overwrite the host's runc binary and obtain code execution on the host. Huawei Cloud Security Service (HSS) reproduced the exploit in a Docker environment; the source article includes screenshots of the reproduction, which are not reproduced here.
Impact range
runc 1.0.0‑rc93 through 1.1.11 (inclusive) is affected.
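The following POSIX shell script is an added example (not part of the original article, and not code from the runc project or from HSS) that classifies a runc version string against the affected range stated above, 1.0.0‑rc93 through 1.1.11, and reports on the runc found on the current host. The function names runc_version, runc_affected and check_host are this example's own.

```shell
#!/bin/sh
# Added example: classify a runc version against the CVE-2024-21626 range
# 1.0.0-rc93 <= runc <= 1.1.11 (first fixed release: 1.1.12).
# Function names here are the example's own, not runc's.

# Extract the version from `runc --version` output, whose first line reads
# "runc version X.Y.Z". Usage: runc_version "$(runc --version)"
runc_version() {
    printf '%s\n' "$1" | sed -n '1s/^runc version[[:space:]]*//p'
}

# Exit 0 when the version is in the affected range, 1 otherwise.
# Unparseable input is treated as "not in range" rather than guessed.
runc_affected() {
    v="$1"
    case "$v" in
        1.0.0-rc*)
            # release candidates: rc93, rc94 and rc95 are inside the range
            rc="${v#1.0.0-rc}"
            case "$rc" in ''|*[!0-9]*) return 1 ;; esac
            if [ "$rc" -ge 93 ]; then return 0; fi
            return 1
            ;;
    esac
    # drop pre-release / build suffixes such as "-rc.1" or "+dev"
    base="${v%%[-+]*}"
    oldifs=$IFS
    IFS=.
    set -- $base
    IFS=$oldifs
    for n in "$1" "$2" "$3"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    major=$1; minor=$2; patch=$3
    if [ "$major" -ne 1 ]; then return 1; fi          # 0.x predates rc93; 2.x is fixed
    if [ "$minor" -eq 0 ]; then return 0; fi          # every 1.0.x release is affected
    if [ "$minor" -eq 1 ] && [ "$patch" -le 11 ]; then return 0; fi
    return 1
}

# Report on the runc binary on PATH (informational; never fails the script).
check_host() {
    if ! command -v runc >/dev/null 2>&1; then
        echo "runc not found on PATH"
        return 0
    fi
    ver=$(runc_version "$(runc --version 2>/dev/null)")
    if runc_affected "$ver"; then
        echo "runc $ver: AFFECTED by CVE-2024-21626, upgrade to 1.1.12 or later"
    else
        echo "runc $ver: not in the affected range"
    fi
}

check_host
```

The runc on PATH is not always the one your container engine invokes (containerd and Docker may ship their own copy), so also check the runtime binary the engine reports (for Docker, the "runc version" line in docker info) before concluding a host is clean.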
Mitigation recommendations
Security update : Upgrade to runc 1.1.12 (the first release containing the fix) or later, through your distribution or container-engine vendor's packages, and restart the container engine so new containers are created by the patched binary.
HSS vulnerability scanning : Use Huawei Cloud Security Service to scan for the runc escape vulnerability and follow the console steps to initiate an immediate scan.
Intrusion detection : HSS HIPS rules generate real‑time alerts when exploitation is detected; view alerts in the “Host Security Alerts” page.
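As a complement to the version upgrade, the following POSIX shell script is an added example (not part of the original article and not HSS's own scanning logic) that audits a directory tree for the configuration the exploit relies on: an OCI config.json whose process.cwd, or a Dockerfile whose WORKDIR, points under /proc/self/fd/. The directory to scan and the function names are this example's assumptions; on a containerd host the live bundles normally live under /run/containerd.

```shell
#!/bin/sh
# Added example: flag OCI bundles and Dockerfiles whose working directory is
# under /proc/self/fd/, the setting CVE-2024-21626 exploitation depends on.
# Function names and the scan root are the example's own choices.

# Exit 0 when config.json sets process.cwd under /proc/self/fd/.
oci_cwd_suspicious() {
    grep -Eq '"cwd"[[:space:]]*:[[:space:]]*"/proc/self/fd/' "$1"
}

# Exit 0 when a Dockerfile sets WORKDIR under /proc/self/fd/ (case-insensitive).
dockerfile_workdir_suspicious() {
    grep -Eiq '^[[:space:]]*WORKDIR[[:space:]]+/proc/self/fd/' "$1"
}

# Walk a directory tree and print one line per suspicious file.
# Usage: audit_dir /run/containerd   (or any directory holding bundles/Dockerfiles)
audit_dir() {
    find "$1" -type f \( -name config.json -o -name 'Dockerfile*' \) 2>/dev/null |
    while read -r f; do
        case "$f" in
            */config.json)
                if oci_cwd_suspicious "$f"; then
                    printf 'SUSPICIOUS cwd: %s\n' "$f"
                fi
                ;;
            *)
                if dockerfile_workdir_suspicious "$f"; then
                    printf 'SUSPICIOUS WORKDIR: %s\n' "$f"
                fi
                ;;
        esac
    done
}

# Scan the default containerd state directory when run directly on a host.
if [ -d /run/containerd ]; then
    audit_dir /run/containerd
fi
```

A working directory set at docker exec time (docker exec -w) is not recorded in the bundle's config.json, so a clean audit does not prove the host was never exploited; the version check and the runtime alerts remain the authoritative controls.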
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Huawei Cloud Developer Alliance
The Huawei Cloud Developer Alliance creates a tech sharing platform for developers and partners, gathering Huawei Cloud product knowledge, event updates, expert talks, and more. Together we continuously innovate to build the cloud foundation of an intelligent world.