PT-2023-2593 · Docker · Docker Desktop For Windows

Eviatar Gerzi · Published 2023-04-27 · Updated 2025-01-31 · CVE-2022-38730

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Docker Desktop for Windows versions prior to 4.6

Description

A race condition in the start() function of the WindowsContainerStartRequest class in Docker Desktop for Windows lets an attacker exploit a symlink vulnerability. By controlling the data-root field inside the DaemonJSON field, the attacker can overwrite any file through the "windowscontainers/start" dockerBackendV2 API endpoint. Exploitation is possible because of a TOCTOU (Time-of-Check-to-Time-of-Use) race condition affecting the ..\dataRoot\network\files\local-kv.db file.

Recommendations

Update Docker Desktop for Windows from any version prior to 4.6 to version 4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the windowscontainers/start dockerBackendV2 API endpoint until a patch is applied. Avoid using the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class until the issue is resolved.

Fix

Link Following

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2023-02412
CVE-2022-38730

Affected Products

Docker Desktop For Windows