CVE-2019-5736: runc container breakout

CVE-2019-5736: runc container breakout

From: Aleksa Sarai

Date: Tue, 12 Feb 2019 00:05:20 +1100

[[ Patch CRD: 2019-02-11 15:00 CET ]] [[ Exploit Code CRD: 2019-02-18 15:00 CET ]] Hello, I am one of the maintainers of runc (the underlying container runtime underneath Docker, cri-o, containerd, Kubernetes, and so on). == OVERVIEW == The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. After some discussion with the systemd-nspawn folks, it appears that they aren’t vulnerable (because their method of attaching to a container uses a different method to LXC and runc).

Source: seclists.org