Access to remapped root allows privilege escalation to real root · Advisory · moby/moby · GitHub

Impact

When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that cause writing files with extended privileges.

Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Credits

Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @BassMatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to [email protected]

Read Next

July 31, 2025

[tl;dr sec] #290 – Securing MCP, AppSec Archetypes, CISO’s Guide to Protecting Crown Jewels

July 31, 2025

Debunking API Security Myths

July 29, 2025

How to identify the origin IP

July 27, 2025

Getting a Shell on the LAU-G150-C Optical Network Terminal

July 27, 2025

Self-Contained TypeScript Programs Using Bun

July 27, 2025

Building a Personal AI Infrastructure (PAI)

July 27, 2025

I Built a Claude Code Pop Menu Inside of Neovim

July 26, 2025

Search in Zola: Fuse.js vs. Elasticlunr.js

July 25, 2025

Remote Code Execution in Microsoft SharePoint (CVE-2025-53770) — API Security

July 24, 2025

AI Lets You Do Way More Stuff

July 31, 2025

[tl;dr sec] #290 – Securing MCP, AppSec Archetypes, CISO’s Guide to Protecting Crown Jewels

July 31, 2025

Debunking API Security Myths

July 29, 2025

How to identify the origin IP

July 27, 2025

Getting a Shell on the LAU-G150-C Optical Network Terminal

July 27, 2025

Self-Contained TypeScript Programs Using Bun

July 27, 2025

Building a Personal AI Infrastructure (PAI)

July 27, 2025

I Built a Claude Code Pop Menu Inside of Neovim

July 26, 2025

Search in Zola: Fuse.js vs. Elasticlunr.js

July 25, 2025

Remote Code Execution in Microsoft SharePoint (CVE-2025-53770) — API Security

July 24, 2025

AI Lets You Do Way More Stuff