module
runc (docker) File Descriptor Leak Privilege Escalation
| Disclosed |
|---|
| Jan 31, 2024 |
Disclosed
Jan 31, 2024
Description
All versions of runc and Kubernetes are vulnerable to an arbitrary file write.
Due to a file descriptor leak it is possible to mount the host file system
with the permissions of runc (typically root).
Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 and runc 1.1.11 using Docker build.
Successfully tested on Debian 12.4.0 with runc 1.1.11 using Docker build.
Successfully tested on Arch Linux 12/1/2024 with runc 1.1.10-1 using Docker build.
Due to a file descriptor leak it is possible to mount the host file system
with the permissions of runc (typically root).
Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 and runc 1.1.11 using Docker build.
Successfully tested on Debian 12.4.0 with runc 1.1.11 using Docker build.
Successfully tested on Arch Linux 12/1/2024 with runc 1.1.10-1 using Docker build.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.