A list of CVEs in the various parts of the container stack (Linux kernel, container runtimes, build tooling, Kubernetes) that could allow for unauthorised access to host resources (e.g. filesystem, network stack) from a container.
With Linux kernel issues it can be tricky to say whether they count as container escapes, so generally only ones where a container escape has been demonstrated are listed.
- CVE-2022-0847 - a.k.a. DirtyPipe. Vulnerability allows for overwriting files that should be read-only (including files mounted read-only into a container). Basic container information here, full container breakout PoC writeup here and code here
- CVE-2022-0492. Vulnerability in cgroup handling can allow for container breakout depending on isolation layers in place. Container breakout details here
- CVE-2022-0185 - Local privilege escalation (heap overflow in the kernel's legacy filesystem parameter parser), needs CAP_SYS_ADMIN either at the host level or in a user namespace
- CVE-2021-3490 - Vulnerability in the eBPF subsystem allows for container breakout if the container has CAP_BPF (see also proof of concept)
- CVE-2021-31440 - eBPF incorrect bounds calculation allows for privesc.
- CVE-2021-22555 - Linux LPE used to break out of Kubernetes pod by the researcher
- CVE-2017-1000112 - memory corruption in UFO packets.
- CVE-2016-5195 - (a.k.a 'dirty CoW') - race condition leading to incorrect handling of Copy on Write.
- CVE-2017-5123 - vulnerability in the WaitID syscall.
- CVE-2024-21626 - a.k.a. Leaky Vessels (runc leaked file descriptor). Allows for container escape when running a malicious image or building a malicious Dockerfile, either directly or indirectly (i.e. through a `FROM` instruction).
- CVE-2021-30465 - race condition (symlink exchange) when mounting volumes into a container allows for host access.
- CVE-2019-19921 - TOCTOU in runC's mount operations that allows a process to break out of the container.
- CVE-2019-5736 - overwrite runc binary on the host system at container start, see also explanation
- CVE-2016-9962 - access to a host file descriptor allows for breakout.
- CVE-2022-23648 - Vulnerability in containerd's CRI handling of image volumes allows for arbitrary file read from the underlying host, likely leading to an indirect container breakout (e.g. via credentials read from the host). PoC exploit here
- CVE-2022-0811 - Vulnerability in CRI-O's handling of sysctls set in k8s/OpenShift manifests allows for container breakout. Linked post has full PoC details.
- CVE-2019-14891 - CRI-O issue that allows containers to access the host's network
- CVE-2024-23653 - missing privilege check in Docker BuildKit allowing for container escape when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM)
- CVE-2024-23651 - race condition in Docker BuildKit allowing for container escape when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM)
- CVE-2021-21284 - When using user namespaces (Docker's userns-remap), a user with some access to the host filesystem can modify files which they should not have access to.
- CVE-2019-14271 - An issue in the implementation of the Docker "cp" command (loading code from the container's libnss libraries) can lead to full container escape when exploited by an attacker
- CVE-2021-25741 - race condition (symlink exchange) when using subPath volume mounts allows for privileged access to the host filesystem
- CVE-2021-25737 - unauthorized access to host network stack by using endpoint slices
- CVE-2017-1002101 - subpath volume mount handling allows arbitrary file access in host filesystem
- CVE-2017-1002102 - Arbitrary deletion of files on the host possible when using some Kubernetes volume types
- CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071 - AWS' hot patch package for log4shell allowed for container escape if a container contained a malicious "java" executable, which the patcher would run uncontainerized.
- Cross Container Attacks: The Bewildered eBPF on Clouds (2023) describes how the CAP_BPF+CAP_PERFMON (or CAP_SYS_ADMIN) capabilities can be abused to escape containers.
- Towards Improving Container Security by Preventing Runtime Escapes (2021) analyzes 59 CVEs for 11 container runtimes
- Bad Pods: Kubernetes Pod Privilege Escalation describes common scenarios of dangerous Kubernetes pod configurations, and how/if it's possible to escape in each case.
- Linux Kernel Exploitation - Extensive maintained list of links relating to Linux Kernel Exploitation
- Hacking Kubernetes - the Hacking Kubernetes book site has a set of Container Breakout CVEs
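Several entries above (CVE-2022-0185, CVE-2021-3490 and the "Bewildered eBPF" paper) hinge on which capabilities a containerised process actually holds. The script below, an added example that is not code from this page or any linked project, decodes the `CapEff` mask from `/proc/<pid>/status` and reports which of those stated capability preconditions are met, plus anything beyond Docker's default capability set. Capability bit numbers are taken from the kernel's `include/uapi/linux/capability.h`; the status fragments at the bottom are constructed for illustration, and treating `CAP_SYS_ADMIN` as an alternative to `CAP_BPF` for CVE-2021-3490 is this example's own addition (CAP_SYS_ADMIN also grants bpf(), and kernels before 5.8 have no CAP_BPF).

```python
"""Decode CapEff from /proc/<pid>/status and check the capability
preconditions stated in the container breakout list above.

Added example, not code from the original page or any linked project.
Bit numbers are from include/uapi/linux/capability.h; the status
snippets at the bottom are constructed for illustration."""
import re
import sys

# bit number -> capability name, as defined in the kernel's capability.h
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL",
    31: "CAP_SETFCAP", 32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN",
    34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND",
    37: "CAP_AUDIT_READ", 38: "CAP_PERFMON", 39: "CAP_BPF",
    40: "CAP_CHECKPOINT_RESTORE",
}

# Effective set a process gets under Docker's default capability profile.
DOCKER_DEFAULT_CAPEFF = "00000000a80425fb"

# Preconditions as stated in the list above: for each entry, a list of
# alternatives, each of which is an all-required set of capabilities.
# CAP_SYS_ADMIN is added here as an alternative for CVE-2021-3490 because it
# also grants bpf() (and kernels before 5.8 have no CAP_BPF at all).
PRECONDITIONS = {
    "CVE-2022-0185": [{"CAP_SYS_ADMIN"}],
    "CVE-2021-3490": [{"CAP_BPF"}, {"CAP_SYS_ADMIN"}],
    "Bewildered eBPF (2023)": [{"CAP_BPF", "CAP_PERFMON"}, {"CAP_SYS_ADMIN"}],
}


def decode_capeff(mask_hex: str) -> set:
    """Expand a CapEff hex mask into the set of capability names it contains."""
    mask = int(mask_hex, 16)
    return {name for bit, name in CAP_NAMES.items() if (mask >> bit) & 1}


def parse_capeff(status_text: str) -> str:
    """Pull the CapEff hex string out of the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]{1,16})\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    return m.group(1)


def satisfied_preconditions(caps: set, unprivileged_bpf_disabled=None) -> dict:
    """Map each listed precondition to whether this capability set meets it.
    unprivileged_bpf_disabled is the value of the sysctl of that name: "0"
    means bpf() is reachable with no capability at all, so the eBPF verifier
    bug (CVE-2021-3490) is reachable regardless of CapEff."""
    result = {name: any(alt <= caps for alt in alts)
              for name, alts in PRECONDITIONS.items()}
    if unprivileged_bpf_disabled == "0":
        result["CVE-2021-3490"] = True
    return result


def report(status_text: str, unprivileged_bpf_disabled=None) -> dict:
    """Summarise a status file: caps held, caps beyond Docker's default set,
    and which listed preconditions are met."""
    caps = decode_capeff(parse_capeff(status_text))
    return {
        "caps": sorted(caps),
        "beyond_docker_default": sorted(caps - decode_capeff(DOCKER_DEFAULT_CAPEFF)),
        "preconditions": satisfied_preconditions(caps, unprivileged_bpf_disabled),
    }


# Constructed /proc/<pid>/status fragments (only the lines this code reads).
STATUS_DOCKER_DEFAULT = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
STATUS_PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

if __name__ == "__main__":
    # With no argument, inspect the process this script runs as (e.g. inside a container).
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/status"
    with open(path) as f:
        text = f.read()
    try:
        with open("/proc/sys/kernel/unprivileged_bpf_disabled") as f:
            ubd = f.read().strip()
    except OSError:
        ubd = None
    r = report(text, ubd)
    print("caps beyond Docker default:", r["beyond_docker_default"] or "none")
    for name, hit in r["preconditions"].items():
        print(f"{name}: {'precondition met' if hit else 'not met'}")
```

One caveat when reading the output: CapEff is relative to the process's user namespace, so a full mask inside a rootless or userns-remapped container is not host-level privilege. The list notes that CVE-2022-0185 only needs CAP_SYS_ADMIN in a user namespace, but the bpf() syscall checks capabilities against the initial namespace, so for the eBPF entries only capabilities held in the host's user namespace count; this script cannot tell the two apart.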