Docker & Kubernetes container breakout security bug CVE-2024-21626 (Ep 253)

Last week, Snyk announced multiple CVEs affecting Docker, containerd, AWS EKS, Red Hat, Ubuntu, and hundreds of products shipping runc or BuildKit. I’ll explain what’s going on and how I see the risk in these vulnerabilities, and maybe we’ll go down memory lane with a history of container breakout bugs.
Runc
  CVE-2024-21626  leaked internal file descriptor lets a container process’s working directory (or a Dockerfile WORKDIR) point into the host filesystem via /proc/self/fd; full container breakout
BuildKit
  CVE-2024-23650  panic on a malformed API request (denial of service)
  CVE-2024-23651  mount cache race: a build can read host files through a cache mount
  CVE-2024-23652  mount stub cleaner: a build can delete arbitrary host files
  CVE-2024-23653  GRPC SecurityMode privilege check bypass: a build can run a container as privileged without the security.insecure entitlement
Moby
  CVE-2024-24557  classic (non-BuildKit) builder cache poisoning

Fixed in runc 1.1.12, BuildKit 0.12.5, and Docker Engine 25.0.2 / 24.0.9 (see the Docker advisory linked below).
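A quick version check against those fixed releases, added here as an example; it is not code from the episode or from the runc, BuildKit or Moby projects. The function names, the constructed sample `runc --version` text and the fallback behaviour are my own; the thresholds (runc 1.1.12, BuildKit 0.12.5, Docker Engine 25.0.2 and 24.0.9) are the ones in the Docker advisory linked below. Distro packages (RHEL, Ubuntu, EKS AMIs) may backport the patch under an older version string, so treat a VULNERABLE line as “go read your vendor’s advisory”, not as proof of exposure.

```shell
#!/bin/sh
# Added example (not from the show or from runc/BuildKit/Moby): compare
# installed runc / Docker Engine versions with the first fixed releases.
#   runc 1.1.12                    CVE-2024-21626
#   BuildKit 0.12.5                CVE-2024-23650 .. CVE-2024-23653
#   Docker Engine 25.0.2 / 24.0.9  bundle the runc, BuildKit and Moby fixes
# Assumption: vendor backports may keep an older version string, so a
# VULNERABLE result is a prompt to check the vendor advisory, not proof.

# normalize VERSION: drop a leading "v" and any -rc/+dev/-0-gHASH suffix,
# then pad to exactly three numeric fields (e.g. "v1.1.12-0-g51d5e94" -> 1.1.12)
normalize() {
    v=${1#v}
    v=${v%%[!0-9.]*}
    printf '%s.0.0\n' "$v" | cut -d. -f1-3
}

# version_ge A B: exit 0 when dotted version A >= B, comparing field by field
version_ge() {
    a=$(normalize "$1"); b=$(normalize "$2")
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s\n' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

runc_fixed()     { version_ge "$1" 1.1.12; }   # CVE-2024-21626
buildkit_fixed() { version_ge "$1" 0.12.5; }   # CVE-2024-23650..23653

# docker_engine_fixed VERSION: the fix shipped on two branches, so 24.0.x
# needs 24.0.9 while everything else needs 25.0.2 or later (23.x and older
# fall below that and are reported as unfixed).
docker_engine_fixed() {
    case "$(normalize "$1")" in
        24.*) version_ge "$1" 24.0.9 ;;
        *)    version_ge "$1" 25.0.2 ;;
    esac
}

# parse_runc_version OUTPUT: pull "1.1.11" out of the text `runc --version` prints
parse_runc_version() {
    printf '%s\n' "$1" | awk '$1 == "runc" && $2 == "version" { print $3; exit }'
}

# Constructed sample, shaped like real `runc --version` output, so the script
# can be exercised on a machine without runc installed.
SAMPLE_RUNC_OLD='runc version 1.1.11
commit: v1.1.11-0-g4bccb38
spec: 1.0.2-dev
go: go1.20.13
libseccomp: 2.5.4'

# report LABEL VERSION CHECK_FUNCTION: one status line per component
report() {
    if [ -z "$2" ]; then
        printf '%-14s %-10s unknown (could not read version)\n' "$1" "-"
    elif "$3" "$2"; then
        printf '%-14s %-10s fixed\n' "$1" "$2"
    else
        printf '%-14s %-10s VULNERABLE (upgrade)\n' "$1" "$2"
    fi
}

# Check this host when the tools are present; otherwise fall back to the sample
# so the output format can still be seen offline.
main() {
    if command -v runc >/dev/null 2>&1; then
        rv=$(parse_runc_version "$(runc --version 2>/dev/null)")
    else
        rv=$(parse_runc_version "$SAMPLE_RUNC_OLD")
    fi
    report runc "$rv" runc_fixed
    if command -v docker >/dev/null 2>&1; then
        dv=$(docker version --format '{{.Server.Version}}' 2>/dev/null) \
            && report docker-engine "$dv" docker_engine_fixed
    fi
}

main "$@"
```

`runc --version` is checked directly because every engine (Docker, containerd, CRI-O) execs the same binary; BuildKit is not probed live since the copy that matters is the one embedded in dockerd, which the Docker Engine version covers. On Kubernetes nodes run it on the node, not in a pod, since the vulnerable runc is the host’s.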

🗞️ Sign up for my weekly newsletter for the latest on upcoming guests and what I’m releasing: https://bret.news

Topics
=====
Snyk “Leaky Vessels” CVE-2024-21626 https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/
Docker Security Advisory https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/
NVD CVE https://nvd.nist.gov/vuln/detail/CVE-2024-21626
Runc https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
The Secure Developer Podcast episode deep dive https://www.devseccon.com/the-secure-developer-podcast/inside-the-matrix-of-container-security-a-deep-dive-into-container-breakout-vulnerabilities

Bret Fisher
=========

https://www.linkedin.com/in/bretefisher/
https://www.bretfisher.com

Join my Community 🤜🤛
================
💌 Weekly newsletter on upcoming guests and stuff I’m working on: https://bret.news
💬 Join the discussion on our Discord chat server https://devops.fan
👨‍🏫 Coupons for my Docker and Kubernetes courses https://bret.courses
🎙️ Podcast of this show https://www.bretfisher.com/podcast

Show Music 🎵
==========
waiting music: Jakarta – Bonsaye https://www.epidemicsound.com/track/YOhNIQJXnZ/
intro music: I Need A Remedy (Instrumental Version) – Of Men And Wolves https://www.epidemicsound.com/track/zMtvEjKL4Y/
outro music: Electric Ballroom – Quesa https://www.epidemicsound.com/track/KHL0iR8AAM/