Full title: runc 1.1.11 File Descriptor Leak Privilege Escalation Exploit
Category: local exploits
Platform: linux

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are affected by an arbitrary file write vulnerability. Due to a file descriptor leak, it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

# 0day.today @ http://0day.today/