CVE-2019-5736: runc container breakout
[Security] Posted Feb 12, 2019 15:48 UTC (Tue) by corbet
Anybody running containerized workloads with runc (used by Docker,
cri-o, containerd, and Kubernetes, among others) will want to make note of
a newly disclosed vulnerability known as CVE-2019-5736. "The
vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host." LXC is also evidently vulnerable to a
variant of the exploit.
