Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container escapes could allow an attacker to gain unauthorized access to the underlying host operating system from within the container and potentially permit access to sensitive data (credentials, customer info, etc.), and launch further attacks, especially when the access gained includes superuser privileges," the company said in a report shared with The Hacker News. runC is a tool for spawning and running containers on Linux. It was originally developed as part of Docker and later spun out into a separate open-source library in 2015. A brief description of each of the flaws is below – CVE-2024-21626 – WORKDIR: Order of operations container breakout CVE-2024-23651 – Mount Cache Race CVE-2024-23652 – Buildkit Build-time Container Teardown Arbitrary Delete CVE-2024-23653 – Buildkit GRPC SecurityMode Privilege Check The most severe of the flaws is CVE-2024-21626, which could result in a container escape centered around the WORKDIR command. "This could occur by running a malicious image or by building a container image using a malicious Dockerfile or upstream image (i.e. when using FROM)," Snyk said. …Read More
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
