“This issue affects Docker on Linux systems,” Trend Micro said in a blog post. “When a new container is created with multiple mounts configured using (bind-propagation=shared), multiple parent/child paths are established. However, the associated entries are not removed from the Linux mount table after container termination.”
The issue creates a bloated mount table that can spiral out of control, quickly burning through available file descriptors (FDs). As the FD supply dries up, Docker hits a wall: it can no longer spin up new containers. Moreover, an oversized mount table can drag down system performance, locking users out of the host entirely and creating a denial-of-service (DoS) condition, according to the blog.
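As an added example, not part of the original article or of Trend Micro's write-up, the POSIX shell script below checks a mount table for the kind of bloat described above: it parses a file in the /proc/[pid]/mountinfo format, counts the entries, counts how many of them carry the shared-propagation tag, and warns when the total exceeds a threshold. The sample mountinfo content is constructed for illustration; on a real host you would point count_mounts at /proc/1/mountinfo. The threshold value and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the article or from Trend Micro): detect a growing
# mount table. Input is a file in /proc/<pid>/mountinfo format, where the
# optional fields between field 7 and the "-" separator may include
# "shared:N", the mark of shared bind propagation.

# count_mounts FILE -> prints "<total entries> <entries with shared:N>"
count_mounts() {
    awk '
        { total++ }
        {
            # walk the optional fields until the "-" separator
            for (i = 7; i <= NF && $i != "-"; i++)
                if ($i ~ /^shared:[0-9]+$/) { shared++; break }
        }
        END { printf "%d %d\n", total, shared + 0 }
    ' "$1"
}

# mount_check FILE THRESHOLD -> returns 0 when the entry count is within
# THRESHOLD, 1 when it exceeds it (the threshold is an assumption; tune it
# to the host's normal container load).
mount_check() {
    result=$(count_mounts "$1")
    total=${result% *}
    shared=${result#* }
    if [ "$total" -gt "$2" ]; then
        echo "WARN: $total mount entries ($shared shared) exceed threshold $2"
        return 1
    fi
    echo "OK: $total mount entries ($shared shared)"
    return 0
}

# Constructed sample mountinfo: five entries, three of them shared, two of
# which are leftover volume mounts of the kind the blog describes.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
22 1 0:21 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:5 / /proc rw,nosuid - proc proc rw
24 22 0:22 / /var/lib/docker/volumes/v1/_data rw,relatime shared:7 - ext4 /dev/sda1 rw
25 24 0:22 / /var/lib/docker/volumes/v1/_data/sub rw,relatime shared:8 - ext4 /dev/sda1 rw
26 22 0:23 / /run rw,nosuid,nodev - tmpfs tmpfs rw
EOF

# Usage: on a live host replace "$SAMPLE" with /proc/1/mountinfo.
mount_check "$SAMPLE" 100
```

Run it from a cron job against /proc/1/mountinfo and trend the two numbers: a total that keeps climbing across container start/stop cycles, with the shared count rising in step, is the leak signature described above, well before FD exhaustion makes Docker refuse new containers.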
The DoS has a prerequisite of elevated root-level privileges, which can be attained through a CVE-2024-0132 exploit. To illustrate this, Trend Micro outlines the potential attack steps, which involve crafting two malicious container images that exploit the TOCTOU flaw to gain full root-level privileges and simultaneously carry out a DoS attack.