Wednesday, January 31, 2024

RunC Flaws Allow Container Escapes, Granting Attackers Host Entry

Jan 31, 2024 | Newsroom | Software Security / Linux


Multiple security vulnerabilities have been disclosed in the runC container runtime and the closely related BuildKit image builder that could be exploited by threat actors to escape the confines of a container and stage follow-on attacks.

The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. Only the first affects runC itself; the other three are in BuildKit, the build backend used by Docker.

"These container escapes could allow an attacker to gain unauthorized access to the underlying host operating system from inside the container and potentially permit access to sensitive data (credentials, customer info, etc.), and launch further attacks, especially when the access gained includes superuser privileges," the company said in a report shared with The Hacker News.


runC is a command-line tool for spawning and running containers on Linux. It was originally developed as part of Docker and later spun out into a separate open-source project in 2015; it remains the default low-level runtime underneath Docker and containerd.

A brief description of each of the flaws is below:

  • CVE-2024-21626 – runC: WORKDIR order-of-operations container breakout
  • CVE-2024-23651 – BuildKit: mount cache race
  • CVE-2024-23652 – BuildKit: build-time container teardown arbitrary delete
  • CVE-2024-23653 – BuildKit: gRPC SecurityMode privilege check

The most severe of the flaws is CVE-2024-21626, which can result in a container escape centered on the `WORKDIR` instruction: runC changed into the configured working directory before it had finished closing an internal file descriptor, so a process inside the container could start with a working directory that points into the host filesystem.

"This could occur by running a malicious image or by building a container image using a malicious Dockerfile or upstream image (i.e. when using `FROM`)," Snyk said.


There is no evidence that any of the newly discovered shortcomings have been exploited in the wild to date. That said, the runC issue has been addressed in runC version 1.1.12, released today, and the three BuildKit issues in BuildKit 0.12.5.

"Because these vulnerabilities affect widely used low-level container engine components and container build tools, Snyk strongly recommends that users check for updates from any vendors providing their container runtime environments, including Docker, Kubernetes vendors, cloud container services, and open source communities," the company said.
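The practical first step on any host is to find out which runC build is actually installed. The following is an added example (not code from the article, Snyk, or the runC project) that parses the output of `runc --version`, compares it against the 1.1.12 fix version stated above, and treats anything it cannot parse, or any release candidate of 1.1.12, as still needing an update. The sample output embedded in the block is constructed for offline use; the `check_installed_runc` helper is the only part that shells out.

```python
from __future__ import annotations

import re
import shutil
import subprocess

# Upstream fix for CVE-2024-21626 shipped in runc 1.1.12 (per the article).
FIXED_RUNC = (1, 1, 12)

# Constructed sample of `runc --version` output so the check runs offline.
SAMPLE_OUTPUT = """runc version 1.1.11
commit: 0000000 (constructed sample)
spec: 1.0.2-dev
go: go1.20.12
libseccomp: 2.5.4
"""

_VERSION_RE = re.compile(r"runc version (\d+)\.(\d+)\.(\d+)(-rc\S*)?")


def parse_runc_version(output: str) -> tuple[int, int, int, int] | None:
    """Return (major, minor, patch, final) from `runc --version` output.

    `final` is 1 for a release and 0 for a release candidate, so that
    1.1.12-rc.1 sorts below 1.1.12 when compared as a tuple.  Returns
    None when no version line is present, so callers can treat an
    unparseable runtime as "unknown" rather than silently as "fixed".
    """
    m = _VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    final = 0 if m.group(4) else 1
    return (major, minor, patch, final)


def runc_needs_update(output: str) -> bool:
    """True when the reported runc build predates the 1.1.12 fix.

    Caveat: distribution packages sometimes backport the fix without
    bumping the upstream version string; for those, trust the distro
    advisory over this comparison.
    """
    version = parse_runc_version(output)
    if version is None:
        return True  # unknown build: assume not fixed
    return version < (*FIXED_RUNC, 1)


def check_installed_runc() -> bool | None:
    """Run `runc --version` on this host; None if runc is not on PATH."""
    if shutil.which("runc") is None:
        return None
    proc = subprocess.run(["runc", "--version"], capture_output=True, text=True)
    return runc_needs_update(proc.stdout)


if __name__ == "__main__":
    print("sample needs update:", runc_needs_update(SAMPLE_OUTPUT))
    result = check_installed_runc()
    if result is None:
        print("runc not found on PATH")
    else:
        print("installed runc needs update:", result)
```

On a Docker host the runtime may be bundled rather than on PATH; `docker info` reports the runc version under "Runtimes"/"runc: Version", and the same comparison applies to that string.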

In February 2019, runC maintainers addressed another high-severity flaw (CVE-2019-5736, CVSS score: 8.6) that could be abused by an attacker to break out of the container and obtain root access on the host.
