Recently, Snyk announced the emergence of four new container vulnerabilities, collectively dubbed “Leaky Vessels.” These vulnerabilities affect the runC and BuildKit components of Docker container environments. Although the Snyk team found no evidence of active exploitation at the time of disclosure, the vulnerabilities allow container escapes, enabling an attacker to gain access to the container host system.
Users should upgrade to the latest versions of runC (1.1.12) and BuildKit (0.12.5) in self-managed environments, or follow provider recommendations, such as those from AWS, to update their ECS clusters to the latest AWS AMI or their EKS cluster node groups to the latest AWS AMI.
Container breakouts are problematic for the following reasons:
Our friends at Kubernetes GOAT talk about container breakouts in detail with steps on how to simulate this kind of attack.
runC is the underlying low-level container runtime that powers Docker, containerd and more; it launches container processes and creates containers from images. BuildKit, meanwhile, is the component that actually builds a container image from a Dockerfile. The two work together: BuildKit builds the image and runC runs a container from that image.
CVE-2024-21626: This vulnerability is caused by a file descriptor leak in runC. An attacker can use a malicious image that adds a directory in order to retain access to the leaked file descriptor, which gives access to the host filesystem namespace and the ability to add malicious files directly on the host and search its contents. In addition, with the runc exec command a new container process can be spawned with a working directory in the host filesystem namespace.
CVE-2024-23651: This one is caused by a race condition when mounting cache volumes. BuildKit's mount feature lets a build step specify a source path for a persistent cache directory. When two build steps running in parallel share the same cache mount, there is a window during which the mounted directory can be swapped for any arbitrary directory. For example, the host root filesystem can be mounted, giving root privileges inside the build container that can be used to control the host and launch malicious processes.
CVE-2024-23652: BuildKit cleans up the directories it temporarily adds as mount targets. If the target directory of a mount that is due to be removed is replaced with a symlink, the removal of the temporary directory can be turned into the removal of any file on the host. This means a malicious image could trick BuildKit into removing empty files outside the container, i.e., on the host, which is dangerous: deleting system files can take the host down, cause denial of service, or lose data.
CVE-2024-23653: With this vulnerability, a malicious image can be used to start a privileged container in BuildKit. This is done by crafting a Dockerfile so that BuildKit's security checks are bypassed. Running in privileged mode gives the container access to the host, which can lead to denial of service, as mentioned above.
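To make the upgrade advice above actionable, here is an added example (not Snyk's or the runC/BuildKit projects' code) that parses runc --version and buildctl --version output and compares the result against the fixed versions named in this article. The sample version strings are constructed, and the exact CLI output format is an assumption; the parser only relies on finding an X.Y.Z triple.

```python
"""Check whether installed runC / BuildKit versions include the Leaky Vessels fixes.

Added example, not Snyk's or the projects' own code. Minimum fixed versions
come from the article: runC 1.1.12 and BuildKit 0.12.5. The output format of
`runc --version` / `buildctl --version` is an assumption; only a X.Y.Z triple
is needed.
"""
import re
import subprocess
from typing import Dict, Optional, Tuple

# Minimum versions that contain the Leaky Vessels fixes (from the article).
FIXED_VERSIONS: Dict[str, Tuple[int, int, int]] = {
    "runc": (1, 1, 12),      # CVE-2024-21626
    "buildkit": (0, 12, 5),  # CVE-2024-23651 / CVE-2024-23652 / CVE-2024-23653
}

# Matches "1.1.12" or "v0.12.5" when it starts a token (not "go1.20.13").
_VERSION_RE = re.compile(r"(?<![\w.])v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return the first X.Y.Z triple found in a tool's version output, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_patched(component: str, version_output: str) -> bool:
    """True if the parsed version is >= the fixed version for that component.

    Output that cannot be parsed is treated as NOT patched so it gets reviewed.
    """
    found = parse_version(version_output)
    return found is not None and found >= FIXED_VERSIONS[component]


def check_host() -> Dict[str, Optional[bool]]:
    """Run the real CLIs if present; a missing or hanging tool is reported as None."""
    cmds = {"runc": ["runc", "--version"], "buildkit": ["buildctl", "--version"]}
    results: Dict[str, Optional[bool]] = {}
    for comp, cmd in cmds.items():
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, timeout=5).stdout
            results[comp] = is_patched(comp, out)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            results[comp] = None
    return results


if __name__ == "__main__":
    # Constructed samples in the shape of a vulnerable and a patched host's output.
    print(is_patched("runc", "runc version 1.1.11\ncommit: v1.1.11-0-gabc"))       # False
    print(is_patched("buildkit", "buildctl github.com/moby/buildkit v0.12.5 abc"))  # True
    print(check_host())
```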