In tools for launching isolated containers, a vulnerability has been found in runc, which is used in dockker and kubernetes. The vulnerability, known as cve-2024-21626, allows an attacker to access the file system of a host from an isolated container. This means that the attacker can modify executable files in the host environment and execute their code outside of the container. However, this vulnerability does not manifest in Runtime LXC, Crun, and Youki, which also use runc. The vulnerability has been patched in runc 1.1.12.
An attack exploiting this vulnerability can occur when a specially designed container image is used with Docker or Kubernetes. After the installation and launch of the container, there is an opportunity to access the external file system. In Docker, this can be done through a specially designed Dockerfile. The vulnerability can also be exploited when the container is launched with the RUNC Exec command, binding the working directory to the host’s file system by specifying a special value in the “Workdir” parameter.
The vulnerability is caused by a leakage of internal file descriptors. While all file descriptors are closed using the O_CloExec flag before executing code from the container in runc, a file descriptor referring to the working directory remains open after the execution of the SETCWD() function. This allows for various attack scenarios.
One example of an attack is when an attacker sets the Proc.cWD parameter in the container image to “/proc/self/fd/7/,” which creates a binding to the PID1 process in the working directory of the monitoring space. Then, the attacker configures the container image to launch “/proc/self/fd/7/../../bin/bash” and through a Shell script, modifies the contents of “/proc/self/exe,” which refers to a copy of “/bin/bash” in the host environment.
Another attack option allows an attacker inside the container to gain access to the host’s file system if privileged processes are launched in the container using the RUNC Exec command with the “–cWD” option. The attacker can replace the path of the launched process with a symbolic link pointing to “/Proc/Self/FD