ASA-2019-00073 – runC: Execution of malicious containers allows for container escape and access to host filesystem

Allele Security Alert



ASA-2019-00073, CVE-2019-5736


Execution of malicious containers allows for container escape and access to host filesystem


Open Container Initiative



Affected version(s)

All supported versions of runC

Fixed version(s)

Versions with the following commit:

Proof of concept



The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runC binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn’t matter if the command is not attacker-controlled) as root within a container in either of these contexts:

  1. Creating a new container using an attacker-controlled image.
  2. Attaching (docker exec) into an existing container which the attacker had previous write access to.

Technical details

It has been discovered that an attacker can compromise the runC host binary from inside a privileged runC container. As a result, this could be exploited to gain root access on the host. runC is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.

The attack can be made when attaching to a running container or when starting a container running a specially crafted image. For example, when runC attaches to a container the attacker can trick it into executing itself. This could be done by replacing the target binary inside the container with a custom binary pointing back at the runC binary itself. As an example, if the target binary was /bin/bash, this could be replaced with an executable script specifying the interpreter path #!/proc/self/exe (/proc/self/exec is a symbolic link created by the kernel for every process which points to the binary that was executed for that process). As such when /bin/bash is executed inside the container, instead the target of /proc/self/exe will be executed – which will point to the runc binary on the host. The attacker can then proceed to write to the target of /proc/self/exe to try and overwrite the runC binary on the host. However in general, this will not succeed as the kernel will not permit it to be overwritten whilst runC is executing. To overcome this, the attacker can instead open a file descriptor to /proc/self/exe using the O_PATH flag and then proceed to reopen the binary as O_WRONLY through /proc/self/fd/<nr> and try to write to it in a busy loop from a separate process. Ultimately it will succeed when the runC binary exits. After this the runC binary is compromised and can be used to attack other containers or the host itself.

This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the runC binary. Unprivileged containers with a non-identity ID mapping do not have the permission to write to the host binary and therefore are unaffected by this attack.


Adam Iwaniuk and Borys Popławski


CVE-2019-5736: runc container breakout (all versions)

CVE-2019-5736 – Red Hat Customer Portal

CVE-2019-5736 (runC): rexec callers as memfd

nsenter: clone /proc/self/exe to avoid exposing host binary to container


Breaking out of Docker via runC – Explaining CVE-2019-5736



If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 14, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.