Hotdog Container Escape
Description
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Hotdog prior to v1.0.1 fails to mimic the target JVM's capabilities and SELinux label, allowing a container to escape to full host privileges.
Vulnerability
Hotdog, an OCI hook-based hot patch solution for Bottlerocket hosts, prior to version 1.0.1 does not mimic the capabilities or the SELinux label of the target JVM process [1][2]. This flaw exists in the hook logic that launches the patching process; instead of inheriting the restricted context of the Java application, the hook runs with the full privileges of the container runtime, bypassing any security constraints set on the container [1]. Affected versions are all releases before 1.0.1 [2].
Exploitation
An attacker who can execute arbitrary code inside a container on a host where Hotdog is installed can exploit this vulnerability without needing any special permissions or user interaction [1]. The container does not need to run a Java application, and the exploit works even if the container uses user namespaces or runs as a non-root user [1]. By triggering the Hotdog hook (e.g., by starting a Java process or simply by the hook being present), the attacker gains the elevated privileges of the hook process, which runs with full host capabilities and without SELinux confinement [1].
Impact
Successful exploitation allows a container to escape its isolation and gain full root privileges on the underlying host [1][2]. This completely bypasses any restrictions set on the container, including those enforced by user namespaces, SELinux, or capability dropping [1]. The attacker can then compromise the host and potentially other containers or workloads running on it [1].
Mitigation
AWS released a fixed version of Hotdog (version 1.0.1) on April 19, 2022, which correctly mimics the target JVM's capabilities and SELinux label [1][2]. Users should upgrade to Hotdog 1.0.1 or later immediately. No workaround is available; the only mitigation is to disable the hot patch service until the upgrade can be applied [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.0.1
- Amazon Web Services/Hotdog: Range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE — the mechanics section is only generated when we can read the actual fix diff. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- github.com/bottlerocket-os/hotdog/security/advisories/GHSA-qfhv-c5cc-mhgp
- unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
News mentions
No linked articles in our index yet.