Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
Exploitability
AV:LAC:LAT:PPR:LUI:AVulnerable System
VC:HVI:HVA:HSubsequent System
SC:HSI:HSA:H7.3/CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H