Allele Security Alert
Processes run with `rkt enter` are given all capabilities during stage 2
Proof of concept
A flaw was found where rkt does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
Yuval Avrahami (Twistlock)
Breaking Out of rkt – 3 New Unpatched CVEs
Bug 1711905 (CVE-2019-10144) – CVE-2019-10144 rkt: processes run with `rkt enter` are given all capabilities during stage 2
Escaping like a Rocket via rkt enter
rkt enter lacks isolation features #3998
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 7, 2019