Level 31
A container breakout security flaw found in the runc container runtime allows malicious containers (with minimal user interaction) to overwrite the host runc binary and gain root-level code execution on the host machine.
runc is an open source command line utility designed to spawn and run containers and, at the moment, it is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.
According to Aleksa Sarai, Senior Software Engineer (Containers) SUSE Linux GmbH, one of the runc maintainers:
... ....