Runtime bugs break container walls, enabling root on Docker hosts
Briefly

"Three newly disclosed high-severity bugs in the "runc" container runtime let attackers break out of containers despite standard hardening and isolation controls."
"According to Aleksa Sarai, a senior software engineer at SUSE and an OCI board member, the bugs stem from logic flaws in how runc handles writes to certain procfs files, letting attackers inside containers hijack host privileges by abusing masked paths, console bind-mounts, and write gadgets."
"'All these vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files,' Sarai said in an advisory posted to the oss-sec list."
Three newly disclosed high-severity vulnerabilities in the runc container runtime permit attackers to escape containers despite typical hardening and isolation. The flaws originate in runc's logic for handling writes to specific procfs files, enabling processes inside containers to manipulate host state. Exploitation techniques include abusing masked paths, leveraging console bind-mounts, and using write gadgets to perform unauthorized writes. Successful exploitation leads to hijacking host privileges and complete container breakouts by bypassing runc's safeguards for writes to arbitrary /proc files. These issues affect runc's assumptions about procfs write restrictions and require mitigation to prevent host compromise.
Read at InfoWorld