Connect with us

Hi, what are you looking for?


Cloud Security

‘Leaky Vessels’ Container Escape Vulnerabilities Impact Docker, Others 

Snyk discloses information on Leaky Vessels, several potentially serious container escape vulnerabilities affecting Docker and others.

Leaky Vessels container vulnerabilities

Researchers at developer security company Snyk have discovered several potentially serious vulnerabilities that could be exploited by malicious actors to escape containers.

The flaws are collectively called Leaky Vessels and they are tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23653 and CVE-2024-23652.

The security holes were discovered late last year in Docker’s Runc, a tool designed for spawning and running containers on Linux, and BuildKit, a system for building images, both of which are open source. 

While Snyk has found no evidence of exploitation in the wild, the company warned that an attacker could leverage the Leaky Vessels flaws to escape a container and gain access to the underlying host operating system. From there, they could access data stored on the system, which can include customer information and credentials, and conduct further attacks. 

“These vulnerabilities can only be exploited if a user actively engages with malicious content by incorporating it into the build process or running a container from a suspect image (particularly relevant for the CVE-2024-21626 container escape vulnerability),” Docker explained

“Potential impacts include unauthorized access to the host filesystem, compromising the integrity of the build cache, and, in the case of CVE-2024-21626, a scenario that could lead to full container escape,” it added. 

Patches and mitigations are available for the Runc and BuildKit vulnerabilities. Users have been advised to install available patches and keep an eye out for updates from Kubernetes vendors, cloud container services, and open source communities that use the vulnerable components. 

“You should upgrade systems running container engines and container build tools as soon as fixes are released by your providers,” Snyk urged users. 

Advertisement. Scroll to continue reading.

Security advisories for the Leaky Vessels vulnerabilities have been released by the time of writing by Google Cloud, AWS, and Ubuntu

Related: MySQL Servers, Docker Hosts Infected With DDoS Malware

Related: GNU C Library Vulnerability Leads to Full Root Access

Related: Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.