CVE-2024-6222 In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages

2024-07-0917:16:05

CWE-923

Docker

www.cve.org

docker

desktop

security

vulnerability

fix

cve-2024-6222

macos

linux

windows

hyper-v

exploitation

docker marketplace

configuration

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

21.5%

JSON

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.

Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.

As exploitation requires “Allow only extensions distributed through the Docker Marketplace” to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Docker Desktop",
    "vendor": "Docker Inc.",
    "versions": [
      {
        "lessThan": "v4.29.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]