Description:
Due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). [https://github.com/advisories/GHSA-xr7r-f8xq-vfvv] Vendor Affected Components: Go Package: github.com/opencontainers/runc 1.0.0-rc93 ≤ 1.1.11
CERT Recommendation:
Update Go Package: github.com/opencontainers/runc to version 1.1.12 or later.
Description
Description: Due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). [https://github.com/advisories/GHSA-xr7r-f8xq-vfvv] Vendor Affected Components: Go Package: github.com/opencontainers/runc 1.0.0-rc93 ≤ 1.1.11
CERT Recommendation: Update Go Package: github.com/opencontainers/runc to version 1.1.12 or later.
Vendor Advisories: Vulnerability 1 | Advisory: https://github.com/advisories/GHSA-xr7r-f8xq-vfvv | several container breakouts due to internally leaked fds Vulnerability 1 | Release | 1.1.12 Vulnerability 1 | Fix Commit | Merge pull request from https://github.com/advisories/GHSA-xr7r-f8xq-vfvv
CVEs: https://github.com/advisories/GHSA-xr7r-f8xq-vfvv