If you run Docker on your NAS, this concerns you. Your security may be at risk, so you should act as soon as possible to fix the problem. This is a critical container escape threat. In total, four vulnerabilities have been detected and classified as critical. They affect several key components, as we explain below, and pose a significant risk to the operation and security of containerized applications.
These security flaws affect components such as BuildKit, runc and Moby. They have been registered as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653. Not all of them affect the same components, although all of them are high risk.
Vulnerabilities in Docker
Specifically, CVE-2024-21626 is a critical bug that affects runc. It allows a container escape, which could give unauthorized access to the host file system. This is undoubtedly a serious problem, given that isolation is essential to preserving security.
The other vulnerabilities, which have been registered as CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653, affect BuildKit. In this case, they could also cause unauthorized access and compromise the build cache. These are important errors that should be corrected as soon as possible.
These problems affect specific versions in each case. runc is affected in versions up to 1.1.11. BuildKit is affected up to version 0.12.4. Moby is affected in versions up to 25.0.1 and also lower than 24.0.8. Lastly, Docker Desktop is affected up to version 4.27.0.
But how can these security flaws affect you? The good news is that they can only be exploited when the user, in other words the victim, interacts with malicious content and incorporates it into the build process, or runs a container from a suspicious image. If this does not happen, the flaws cannot be exploited.
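The version ranges above, turned into a check you can run in a shell on the NAS. This is an added example, not code from Docker or from the original article: `ver_le`, `is_affected` and `report` are names chosen here, the inventory at the end is constructed sample data, and for Moby it assumes the two bounds refer to the 24.x and 25.x release lines and conservatively flags 24.0.8 itself.

```shell
# Added example, not Docker's tooling. Ranges are those quoted in the article.
# ver_le A B: succeed when dotted numeric version A is <= B.
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}                 # leading field of each version
        [ "$a" = "$x" ] && a= || a=${a#*.}    # consume that field
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0} y=${y:-0}                   # missing fields count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# is_affected COMPONENT VERSION: 0 = in an affected range, 1 = not, 2 = unknown.
is_affected() {
    v=${2#v}                # drop a leading "v" (e.g. v0.12.4)
    v=${v%%[!0-9.]*}        # drop suffixes such as "-rc1" or "+build"
    case $1 in
        runc)           ver_le "$v" 1.1.11 ;;
        buildkit)       ver_le "$v" 0.12.4 ;;
        docker-desktop) ver_le "$v" 4.27.0 ;;
        moby)
            # Assumption: the two bounds are the 24.x and 25.x release lines;
            # 24.0.8 itself is flagged too, to stay on the conservative side.
            ver_le "$v" 24.0.8 && return 0
            ver_le 25.0.0 "$v" && ver_le "$v" 25.0.1 ;;
        *) echo "unknown component: $1" >&2; return 2 ;;
    esac
}

# report: read "component version" lines on stdin and print a verdict for each.
report() {
    while read -r comp ver; do
        rc=0; is_affected "$comp" "$ver" || rc=$?
        case $rc in
            0) echo "$comp $ver: AFFECTED, update" ;;
            1) echo "$comp $ver: outside the affected range" ;;
            *) echo "$comp $ver: not checked" ;;
        esac
    done
}

# Constructed sample inventory; replace with the versions your NAS reports.
report <<'EOF'
runc 1.1.11
buildkit v0.12.5
moby 24.0.7
EOF
```

`docker version` and `runc --version` print the installed versions to feed into `report`.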
Update as soon as possible
To correct these security problems, you simply need to update as soon as possible. On January 31, Docker released patches for runc, BuildKit and Moby and, the next day, for Docker Desktop. It is very important to make sure that you have everything updated, since it is the only thing that effectively corrects these vulnerabilities.
Beyond this, Docker has also given users a series of recommendations. For example, it advises against building from unreliable sources and recommends using only Docker images that are truly safe, without taking unnecessary risks that could cause a problem.
This case is not very different from many other vulnerabilities that we constantly see. It is always recommended to keep everything correctly updated, since it is the only way to avoid security flaws that a third party can exploit to compromise privacy and proper functioning. Although using programs like Windows Defender and other antivirus software is useful, it is of little use if you do not have everything updated.
In short, if you use Docker on your NAS, it is important that you update as soon as possible. There are four vulnerabilities rated critical. Make sure the components listed above are updated to avoid problems.