Root escalation bug in runc


A bug was found in the way the runc container runtime handles file descriptors when running containers. An attacker could use this bug to overwrite the contents of the runc binary and run arbitrary commands on the container host with root privileges. To exploit this flaw, the attacker needs to be able to run a container with a crafted image and root privileges.

runc developer Aleksa Sarai has disclosed the security hole, which was discovered by security researchers Adam Iwaniuk and Borys Popławski. He has also written a proof-of-concept exploit that will be published on the OpenWall list on Feb/18. runc is the container runtime used in Docker, cri-o, containerd and Kubernetes.

In addition to the Docker/runc combo, the Ubuntu container software LXC is vulnerable to a similar attack. Patches for all affected software packages have been released.

On Red Hat or CentOS 7 distros running OpenShift or Docker the attack is mitigated when SELinux is enabled and enforcing policy.
