Cve-2024-21626 could not be detected

  • I have a ubuntu linux system, which has runc version 1.1.10, has the cve-2024-21626 vulnerable.
    also update greenbone CVE to latest feed status, which has cve-2024-21626 in it.

  • set target, credential, and create task to scan this target . could not find cve-2024-21626 in my report

what else should I do for this?


and welcome to this community forums.

Short version: This is the current and expected behavior

Long version:

(Linux) Tools / software like runc are usually / largely only covered via auto-generated Local Security Checks (LSCs) based on vendor advisories published by the relevant security team of the used distribution.

For Ubuntu this advisory is available at USN-6619-1: runC vulnerability | Ubuntu security notices | Ubuntu and only lists versions 1.1.7 and 1.1.4 (and below) of the runc packages as being vulnerable against this specific flaw.

The used version 1.1.10 is not listed there thus no vulnerability is reported by the available LSC:


thanks your reply. it is very clear.