RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

From thehackernews.com


A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing an attacker who controls a Linux container to escape it and obtain unauthorized, root-level access to the host operating system.

The vulnerability, identified as CVE-2019-5736, was discovered by open-source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed on Monday by Aleksa Sarai, a senior software engineer and runC maintainer at SUSE Linux GmbH.

The flaw resides in runC—a lightweight low-level command-line tool for spawning and running containers, an operating-system-level virtualization method for running multiple isolated systems on a host using a single kernel.

Originally created by Docker, runC is the default container runtime for Docker, containerd, CRI-O, and other container-dependent programs (Kubernetes reaches it through those runtimes), and is widely used by major cloud hosting and server providers.
