runC is the underlying container runtime beneath infrastructure such as Docker, CRI-O, containerd, Kubernetes and others. This new vulnerability allows a compromised container to overwrite the host runC binary and gain root-level execution and underlying file access. As a result, an attacker can run any root level command within a container when:

  • Spinning up a new container based on the attacker’s image.
  • Attaching (docker exec) into an existing container which the attacker had previous write access to.

You can read more info about this CVE: