CVE-2024-6222 Information

Description

In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.

Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/4290 fixes the issue on MacOS Linux and Windows with Hyper-V backend.

As exploitation requires \Allow only extensions distributed through the Docker Marketplace\ to be disabled Docker Desktop  v4.31.0 https://docs.docker.com/desktop/release-notes/4310  additionally changes the default configuration to enable this setting by default.

Reference

https://docs.docker.com/desktop/release-notes/#4290