The bug, dubbed CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code access on the host. This would basically allow the infected container to gain control of the overarching host container and allow an attacker to execute any command.
“It is quite likely that most container runtimes are vulnerable to this flaw, unless they took very strange mitigations beforehand,” explained Aleksa Sarai, a senior software engineer at SUSE and a maintainer for runC, in an email posted on Openwall. Sarai added that the flaw is blocked by the proper implementation of user namespaces “where the host root is not mapped into the container’s user namespace.”
A patch for the flaw has been developed and is being sent out to the runC community. A number of vendor and cloud providers have already taken steps to implement the patch.
Read more at SDx Central