Commit 66997cd

Add CVE-2024-6222 fix to the Docker Desktop 4.29 release notes (docker#20397)
1 parent a48d866 commit 66997cd

1 file changed

+2
-1
lines changed

content/desktop/release-notes.md

Lines changed: 2 additions & 1 deletion
@@ -338,7 +338,8 @@ This can be resolved by adding the user to the **docker-users** group. Before st
338338

339339
#### Security
340340

341-
- Disabled Electron `runAsNode` fuse to improve security hardening. For more info, see [Electron's documentation.](https://www.electronjs.org/blog/statement-run-as-node-cves)
341+
- Disabled Electron `runAsNode` fuse to improve security hardening. For more info, see [Electron's documentation.](https://www.electronjs.org/blog/statement-run-as-node-cves).
342+
- Fixed [CVE-2024-6222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6222) which allows an attacker who has gained access to the Docker Desktop VM through a container breakout to further escape to the host by passing extensions and dashboard related IPC messages. Reported by Billy Jheng Bing-Jhong, Đỗ Minh Tuấn, Muhammad Alifa Ramdhan working with Trend Micro Zero Day Initiative.
342343

343344
### Known issues
344345
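Review bot: On the changed line 341, the added period follows link text that already ends in one (`[Electron's documentation.](…)`), so the rendered bullet ends in "documentation..". Move the period out of the link text instead: `[Electron's documentation](https://www.electronjs.org/blog/statement-run-as-node-cves).` In the new CVE-2024-6222 bullet on line 342, the present-tense "which allows" reads as if the issue is still exploitable in 4.29; "which allowed", with a comma before "which", fits a "Fixed" entry better. "extensions and dashboard related IPC messages" should be hyphenated ("extensions- and dashboard-related IPC messages") so it parses as one modifier, and the reporter list needs an "and" before the last name.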
