Docker Buildkit <=v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM) https://snyk.io/blog/cve-2024-23651-docker-buildkit-mount-cache-race/ https://www.openwall.com/lists/oss-security/2019/05/28/1 https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv https://github.com/moby/buildkit/pull/4604