Open Containers runc is prone to a local command-execution vulnerability. Runc is a command-line utility designed to spawn and run containers. It is the container runtime that underpins many open source container management systems, including Docker, Kubernetes, containerd, Podman, and CRI-O.
- A local attacker can exploit this issue to execute arbitrary commands with root privileges.
- The issue allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached to with docker exec. This occurs because of file-descriptor mishandling related to /proc/self/exe.
- Affected versions: runc through version 1.0-rc6.
- Many popular container management systems and providers are affected, including Docker, Kubernetes, containerd, Podman, CRI-O, Amazon AWS, and Red Hat Linux.
- For a list of products and versions affected, please see the links in the References section.
- Update any vulnerable systems immediately. Exploit code for this vulnerability is set to be made public on Feb 18th, 2019.
- Consult relevant vendor advisories for patch information (e.g. Docker, Kubernetes).
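
To triage hosts against the affected range stated above, the following shell example classifies the version string reported by `runc --version`. It is an added example, not part of the advisory or any vendor's tooling; the function names and the sample output are constructed for illustration. Vendor packages can carry a backported fix under an unchanged version string, so an in-range result means "check the vendor advisory", not a confirmed vulnerable host.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a runc version against the
# stated range "runc through version 1.0-rc6".
# Prints in-range, out-of-range, or unknown (unparseable input).
runc_range_check() {
    v=${1#v}        # tolerate a leading "v"
    v=${v%%+*}      # drop build metadata such as "+dev"
    rc=
    case $v in
        *-rc*) base=${v%%-rc*}; rc=${v##*-rc}
               case $rc in ''|*[!0-9]*) echo unknown; return ;; esac ;;
        *)     base=$v ;;
    esac
    # base must be dotted digits only, e.g. "1.0" or "1.0.0"
    case $base in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;; esac
    major=${base%%.*}; minor=0; patch=0
    case $base in
        *.*) rest=${base#*.}; minor=${rest%%.*}
             case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; esac ;;
    esac
    if [ "$major" -lt 1 ]; then echo in-range; return; fi
    if [ "$major" -gt 1 ] || [ "$minor" -gt 0 ] || [ "$patch" -gt 0 ]; then
        echo out-of-range; return
    fi
    # Exactly 1.0 / 1.0.0: only release candidates up to rc6 are in range.
    if [ -n "$rc" ] && [ "$rc" -le 6 ]; then echo in-range; else echo out-of-range; fi
}

# Extract the version from the first line of `runc --version` output.
runc_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^runc version //p'
}

# Constructed sample output (the commit value is a placeholder).
SAMPLE='runc version 1.0.0-rc6
commit: <placeholder>'
echo "sample: $(runc_range_check "$(runc_version_from_output "$SAMPLE")")"

# Check the locally installed binary, if any.
if command -v runc >/dev/null 2>&1; then
    echo "local: $(runc_range_check "$(runc_version_from_output "$(runc --version)")")"
fi
```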