CVE-2024-21626 could not be detected

  • I have an Ubuntu Linux system which has runc version 1.1.10 and is vulnerable to CVE-2024-21626.
    I also updated the Greenbone CVE feed to the latest status, which has CVE-2024-21626 in it.

  • I set the target and credential, and created a task to scan this target. I could not find CVE-2024-21626 in my report.

What else should I do for this?

Hello,

and welcome to these community forums.

Short version: This is the current and expected behavior

Long version:

(Linux) Tools / software like runc are usually / largely only covered via auto-generated Local Security Checks (LSCs) based on vendor advisories published by the relevant security team of the used distribution.

For Ubuntu this advisory is available at USN-6619-1: runC vulnerability | Ubuntu security notices | Ubuntu and only lists versions 1.1.7 and 1.1.4 (and below) of the runc packages as being vulnerable against this specific flaw.

The used version 1.1.10 is not listed there thus no vulnerability is reported by the available LSC:

5 Likes

Thanks for your reply. It is very clear.