Vulnerability in runc allows escape from Docker and Kubernetes containers

A vulnerability (https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) CVE-2024-21626 has been found in the runc isolated container toolkit (https://github.com/opencontainers/runc/) that allows access to the file system of a host environment from within an isolated container. During an attack, an attacker could overwrite some executable files in the host environment and thus achieve execution of his code outside the container.

The vulnerability has been fixed in the runc 1.1.12 release (https://github.com/opencontainers/runc/releases/tag/v1.1.12).

In the case of Docker or Kubernetes, the attack can be accomplished by preparing a specially crafted container image; after installing and running it, it is possible to access an external FS from the container. With Docker, it is possible to exploit via a specially designed Dockerfile.

In addition, five more vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23650, CVE-2024-24557) have been identified (https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/) in Docker toolkit components, which have already been fixed.

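A quick triage check for the fix version named above, added here as an example and not part of the original post: it parses `runc --version` output, compares against 1.1.12, and flags older builds. The sample output strings are constructed; note that distributions may backport the fix under an older version number, so a flagged host still needs confirmation against its vendor's advisory.

```python
"""Flag runc builds older than 1.1.12, the first upstream release fixing CVE-2024-21626."""
import re
import subprocess
from typing import Optional, Tuple

# First upstream release containing the fix, per the runc advisory.
FIXED_VERSION = (1, 1, 12)


def parse_runc_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `runc --version` output.

    Tolerates distro suffixes such as "1.1.5+ds1" or "1.1.12-0ubuntu1".
    Returns None when no version line is present.
    """
    m = re.search(r"^runc version v?(\d+)\.(\d+)\.(\d+)", output, re.MULTILINE)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(version: Tuple[int, int, int]) -> bool:
    """True when the upstream version predates the fix (backports not considered)."""
    return version < FIXED_VERSION


def check_installed(runc_path: str = "runc") -> str:
    """Run the local runc binary and report whether its version predates 1.1.12."""
    try:
        out = subprocess.run([runc_path, "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError) as exc:
        return f"could not run {runc_path}: {exc}"
    version = parse_runc_version(out)
    if version is None:
        return "unrecognised version output"
    label = ".".join(map(str, version))
    if is_vulnerable_version(version):
        return f"runc {label} predates 1.1.12: confirm whether your distribution backported the fix"
    return f"runc {label} is at or above 1.1.12"


if __name__ == "__main__":
    print(check_installed())
```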