Advisory: Leaky Vessels vulnerabilities in Docker and runc

Sophos Security Advisory

MoritzGrimm

Summary

Overview

On Wednesday January 31, 2024, the Snyk Security Labs team published an advisory about high severity vulnerabilities in the runc command line utility and Docker components.

Docker and runc are common parts of hosted and cloud services infrastructure that run specific workloads in isolated environments, also referred to as "containers". The vulnerabilities could allow a crafted malicious container image to escape and gain code execution on the underlying host operating system. This is particularly impactful in scenarios where containers are supplied by an external and untrusted entity, as it could enable privileged host-level access to the underlying Docker host.

Due to the nature of this vulnerability, it is unlikely that any Sophos products will be impacted.

Patches for Docker and runc

According to the official Docker security advisory, the fixes are included in the following versions:

| Component            | Patched versions          |
|----------------------|---------------------------|
| runc                 | >= 1.1.12                 |
| BuildKit             | >= 0.12.5                 |
| Moby (Docker Engine) | >= 25.0.2 and >= 24.0.9   |
| Docker Desktop       | >= 4.27.1                 |
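A small version check against the thresholds in the table above, added here as an example (not Sophos or Docker code). It assumes versions in MAJOR.MINOR.PATCH form and treats the two Moby fixes as one threshold per release line, so 24.0.x and 25.0.x are each compared against their own fix; a line with no listed fix (such as Moby 23.x) is reported as unpatched.

```python
"""Compare installed runc / BuildKit / Moby / Docker Desktop versions with the
Leaky Vessels fix thresholds from the Docker advisory (added example)."""
import re
import subprocess

# Minimum patched versions from the advisory table. Moby has two fixed
# release lines, so it carries one threshold per major version.
PATCHED = {
    "runc": [(1, 1, 12)],
    "buildkit": [(0, 12, 5)],
    "moby": [(24, 0, 9), (25, 0, 2)],
    "docker-desktop": [(4, 27, 1)],
}

def parse_version(text):
    """Return the first MAJOR.MINOR.PATCH triple found in a version string
    or in tool output such as 'runc version 1.1.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(component, version):
    """True if `version` (string or triple) meets the fix for its release line.
    A major line older than every listed fix has no fix on the page and is
    reported unpatched; a newer major line is assumed to carry the fix."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    thresholds = PATCHED[component]
    same_major = [t for t in thresholds if t[0] == v[0]]
    if same_major:
        return v >= same_major[0]
    return v[0] > max(t[0] for t in thresholds)

def installed_version(cmd):
    """Run a version command and return its triple, or None if the tool
    is absent or prints no parsable version."""
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
        return parse_version(out)
    except (FileNotFoundError, ValueError):
        return None

if __name__ == "__main__":
    checks = (("runc", ["runc", "--version"]),
              ("moby", ["docker", "version", "--format", "{{.Server.Version}}"]))
    for name, cmd in checks:
        v = installed_version(cmd)
        if v is None:
            print(f"{name}: not installed")
        else:
            state = "patched" if is_patched(name, v) else "UNPATCHED"
            print(f"{name}: {'.'.join(map(str, v))} {state}")
```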

What Sophos products are affected?

Sophos is reviewing the potential impact of the Leaky Vessels vulnerabilities.

| Product or Service                                 | Status       | Description                                      |
|----------------------------------------------------|--------------|--------------------------------------------------|
| Cloud Optix                                        | Not affected | Vulnerable code cannot be controlled by adversary |
| SG UTM (all versions)                              | Not affected | Component not present                            |
| Sophos Endpoint protection (macOS)                 | Not affected | Component not present                            |
| Sophos Endpoint protection (Linux)                 | Not affected | Component not present                            |
| Sophos Firewall (all versions)                     | Not affected | Component not present                            |
| SophosConnect client                               | Not affected | Component not present                            |
| Sophos Home (macOS)                                | Not affected | Component not present                            |
| Sophos Mobile EAS Proxy                            | Not affected | Component not present                            |
| Sophos Mobile Control app (iOS + Android)          | Not affected | Component not present                            |
| Sophos Intercept X for Mobile app (iOS + Android)  | Not affected | Component not present                            |
| Sophos Chrome Security                             | Not affected | Component not present                            |
| Sophos RED                                         | Not affected | Component not present                            |
| Sophos AP/APX                                      | Not affected | Component not present                            |
| SophosLabs Intelix                                 | Not affected | Vulnerable code cannot be controlled by adversary |
| Sophos SASI (AntiSpam)                             | Not affected | Component not present                            |
| SUSI                                               | Not affected | Component not present                            |
| AV Engine (all platforms)                          | Not affected | Component not present                            |

Other products and services

Any other products or services not listed above are still under investigation. Sophos will publish updated information as it becomes available.

Related Information

Severity: Informational

First Published

Updated

Publication ID: sophos-sa-20240206-leaky-vessels

Workaround: No

Cloud Optix
Intercept X Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos Mobile EAS Proxy
Sophos RED
Sophos Switch
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix

CVE-2024-21626
CVE-2024-23651
CVE-2024-23652
CVE-2024-23653

Article Version: 1
