Advisory: Leaky Vessels vulnerabilities in Docker and runc

Informational
CVE(s): CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653
Updated:
Product(s): Cloud Optix, Intercept X Endpoint, Sophos Central, Sophos Email, Sophos Firewall, Sophos Home, Sophos Mobile, Sophos Mobile EAS Proxy, Sophos RED, Sophos Switch, Sophos UTM, Sophos Wireless, Sophos ZTNA, SophosLabs Intelix
Publication ID: sophos-sa-20240206-leaky-vessels
Article Version: 3
First Published:
Workaround: No

Overview

On Wednesday, January 31, 2024, the Snyk Security Labs team published an advisory about high-severity vulnerabilities in the runc command line utility and Docker components.

Docker and runc are common parts of hosted and cloud services infrastructure that can run specific workloads in isolated environments, also referred to as “containers”. The vulnerabilities could allow a crafted malicious container image to escape this isolation and gain code execution on the underlying host operating system. This is particularly impactful in scenarios where containers are provided by an external and untrusted entity, as it could enable privileged host-level access to the underlying Docker host.

Due to the nature of this vulnerability, it is unlikely that any Sophos products will be impacted.

Patches for Docker and runc

According to the official Docker security advisory, the fixes are included in the following versions:

Component             Patched versions
runc                  >= 1.1.12
BuildKit              >= 0.12.5
Moby (Docker Engine)  >= 25.0.2 and >= 24.0.9
Docker Desktop        >= 4.27.1
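
The following Python check is an added example, not part of the Sophos or Docker advisories. It compares collected version strings against the patched versions listed above. The component keys, the host inventory (constructed sample data) and the reading of the Moby entry as one fix per release line (24.x and 25.x) are assumptions of this example.

```python
import re

# Fixed versions from the "Patched versions" table above. Moby lists one
# fix per release line (24.x and 25.x).
PATCHED = {
    "runc": [(1, 1, 12)],
    "buildkit": [(0, 12, 5)],
    "moby": [(24, 0, 9), (25, 0, 2)],
    "docker-desktop": [(4, 27, 1)],
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-(?:rc|beta|alpha)[\w.]*)?")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from raw tool output."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None

def is_patched(component, version_text):
    version, prerelease = parse_version(version_text)
    floors = sorted(PATCHED[component])
    # Assumption: compare against the fix for the same major release line when
    # one is listed, otherwise against the newest listed fix.
    same_line = [f for f in floors if f[0] == version[0]]
    floor = same_line[0] if same_line else floors[-1]
    if version == floor and prerelease:
        return False  # conservative: a pre-release of the fixed version
    return version >= floor

# Constructed sample inventory: (host, component, raw version string).
SAMPLE = [
    ("build-01", "runc", "runc version 1.1.11"),
    ("build-01", "moby", "24.0.9"),
    ("ci-02", "moby", "25.0.1"),
    ("ci-02", "buildkit", "v0.12.5"),
    ("dev-03", "docker-desktop", "4.26.1"),
]

def unpatched(inventory):
    """Return the inventory rows whose version is below the patched version."""
    return [(h, c, v) for h, c, v in inventory if not is_patched(c, v)]

if __name__ == "__main__":
    for host, comp, ver in unpatched(SAMPLE):
        print(f"{host}: {comp} {ver} is below the patched version")
```

Distribution packages may backport fixes without changing the upstream version number, so a row flagged here should be confirmed against the vendor's package changelog.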

 

What Sophos products are affected?

The following products have been reviewed against the Leaky Vessels vulnerabilities.

Product or Service                                 Status        Description
Cloud Optix                                        Not affected  Vulnerable code cannot be controlled by adversary
SG UTM (all versions)                              Not affected  Component not present
Sophos Central                                     Not affected  Vulnerable code cannot be controlled by adversary
Sophos Endpoint protection (Windows)               Not affected  Component not present
Sophos Endpoint protection (macOS)                 Not affected  Component not present
Sophos Endpoint protection (Linux)                 Not affected  Component not present
Sophos Email                                       Not affected  Vulnerable code cannot be controlled by adversary
Sophos Firewall (all versions)                     Not affected  Component not present
SophosConnect client                               Not affected  Component not present
Sophos Home (macOS)                                Not affected  Component not present
Sophos Mobile                                      Not affected  Vulnerable code cannot be controlled by adversary
Sophos Mobile EAS Proxy                            Not affected  Component not present
Sophos Mobile Control app (iOS + Android)          Not affected  Component not present
Sophos Intercept X for Mobile app (iOS + Android)  Not affected  Component not present
Sophos Chrome Security                             Not affected  Component not present
Sophos PhishThreat                                 Not affected  Vulnerable code cannot be controlled by adversary
Sophos RED                                         Not affected  Component not present
Sophos AP/APX                                      Not affected  Component not present
SophosLabs Intelix                                 Not affected  Vulnerable code cannot be controlled by adversary
Sophos Secure Access Service Edge (SASE)           Not affected  Component not present
Sophos SASI (AntiSpam)                             Not affected  Component not present
SUSI                                               Not affected  Component not present
AV Engine (all platforms)                          Not affected  Component not present

 

Other products and services

Any other products or services not listed above are still under investigation. Sophos will publish updated information as it becomes available.

Related Information