Docker/runc container escape enabling host root access — any Docker EXEC into a container running as root allows host escape. Update Docker and runc immediately. Run containers as non-root users. Enable SELinux/AppArmor LSM enforcement.
runc through 1.0-rc6, as used in Docker through 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within a Docker container.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →