Docker/runc container escape enabling host root access — any Docker EXEC into a container running as root allows host escape. Update Docker and runc immediately. Run containers as non-root users. Enable SELinux/AppArmor LSM enforcement.
runc through 1.0-rc6, as used in Docker through 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within a Docker container.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →