Posts List

Anatomy of CVE-2019-5736: A runc container escape!

Note: This post was originally published on the AWS Compute Blog. On Monday, February 11, CVE-2019-5726 was disclosed. This vulnerability is a flaw in runc, which can be exploited to escape Linux containers launched with Docker, containerd, CRI-O, or any other user of runc. But how does it work? Dive in!