Dangerous runc flaws could allow hackers to escape Docker containers

Recent critical vulnerabilities discovered in runc, the container runtime used by Docker and Kubernetes, pose a significant security risk by allowing attackers to escape container isolation. The flaws, tracked as CVE-2023-28365 and CVE-2023-28366, enable privilege escalation and arbitrary code execution on the host system, undermining the isolation that container security depends on. They stem from improper handling of user namespaces and container configuration, which an attacker can exploit to break out of the container sandbox and gain unauthorized access to the underlying host.

The disclosure highlights the importance of patching and updating container runtimes promptly to limit exposure. Operators of Docker, Kubernetes, and other container platforms that rely on runc are urged to apply the security updates immediately.

The discovery underscores the evolving threat landscape targeting container technologies and the need for robust security practices in DevOps workflows. Organizations should implement strict access controls, continuous monitoring, and vulnerability management to defend against attacks of this kind. The incident is a reminder of the risks that come with containerized applications and of the need for proactive security measures to safeguard infrastructure.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 09 Nov 2025 15:55:13 +0000
Cyber News related to Dangerous runc flaws could allow hackers to escape Docker containers

15 Best Docker Monitoring Tools in 2025 - What is Good? What Could Be Better? cAdvisor monitors containers without much overhead due to its minimal resource footprint. Real-time monitoring is its main focus, and historical data storage is limited. It simplifies troubleshooting using ...
5 months ago Cybersecuritynews.com
Leaky Vessels flaws allow hackers to escape Docker, runc containers - The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could ...
1 year ago Bleepingcomputer.com CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653
What Is Container Security? Definition, Benefits, and Risks - Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines. Container security is a total of policies and tools that are applied to maintain a container running ...
2 years ago Heimdalsecurity.com
Docker Image Building Best Practices - Starting with a basic, minimum image is essential when creating Docker images. They let you utilize numerous Docker images throughout the build process, which helps to reduce the size of the final image by removing unneeded build artifacts. Docker ...
2 years ago Feeds.dzone.com
CVE-2024-45310 - runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host ...
10 months ago
10 reasons why securing software supply chains needs to start with containers - Containers and Kubernetes are table stakes for multi-cloud app development, and they're also among the least protected of any areas of software supply chains. Kubernetes commands 92% of the container orchestration platform market, despite DevOps ...
1 year ago Venturebeat.com
CVE-2023-25809 - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user ...
2 years ago
Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers - Red Hat OpenShift sandboxed containers version 1.5.0, introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat, and is an important step in improving sandboxed containers, paving the way for ...
1 year ago Redhat.com
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet - On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]live") that, in turn, checks if it's running as the root user and tools like curl ...
1 year ago Thehackernews.com
CVE-2024-29018 - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP ...
1 year ago
CVE-2022-29162 - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, ...
2 years ago
CVE-2024-21626 - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to ...
1 year ago
Python Malware Poses DDoS Threat Via Docker API Misconfiguration - Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious Docker container with Python malware compiled as an ELF ...
2 years ago Infosecurity-magazine.com
Securing Linux Containers - A Guide for Cloud-Native Environments - “A core principle of container security is reducing the attack surface-the total of all points where an unauthorized user could try to access the system,” notes a recent TuxCare security advisory. The most effective container security ...
7 months ago Cybersecuritynews.com
A Handbook for Managing Containers on Amazon Web Services - Container management is a way to help you create, govern, and maintain your containers. There are tools and services available that can automate the creation, deployment, maintenance, scaling, and monitoring of application or system containers. In ...
2 years ago Trendmicro.com
CVE-2025-10657 - In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature ...
3 months ago
CVE-2021-43784 - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code ...
1 year ago
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
2 years ago Darkreading.com
CVE-2023-0629 - Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the ...
2 years ago
CVE-2022-39321 - GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the ...
3 years ago
CVE-2022-39206 - Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a ...
3 years ago
'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally - One of the vulnerabilities, designated as CVE-2024-21626, impacts runC, the lightweight container runtime for Docker and other container environments. It is the most urgent of the four vulnerabilities, with a severity score of 8.6 out of a possible ...
1 year ago Darkreading.com CVE-2024-21626
CVE-2022-24769 - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process ...
2 years ago