Amazon Linux 2023: CVE-2024-23651: Important priority package update for docker

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.
A race condition issue was found in the Moby Builder Toolkit, stemming from a time-of-check/time-of-use (TOCTOU) vulnerability during cache volume mounting at container build time. Concurrent execution of two malicious build steps, sharing the same cache mounts with subpaths, may result in files from the host system being accessible to the build container. Successful exploitation could lead to a container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (for example, when using FROM).