K-CVE-2024-21626Privilege Escalation

runc CVE-2024-21626 (Leaky Vessels)

runc < 1.1.12: file-descriptor leak across exec; container escape via WORKDIR /proc/self/fd/N during image build.

§ Where this technique fits

K-CVE-2024-21626 is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

CVE-2024-21626 (Leaky Vessels) → container escape
Outdated runc lets a malicious image escape during 'docker build' or 'docker run' via a leaked file descriptor pointing at the host filesystem.
step 2 / 5

§ What commonly comes next

01
Backdoored Container Image
K-IMAGE-BACKDOOR · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

CVE-2024-21626 (Leaky Vessels) → container escape

§ What commonly comes next