CVE-2024-6222
CVE-2024-6222 is a high-severity vulnerability in Docker Desktop with a CVSS 3.x base score of 7.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-923.
Key facts
- Severity: High (CVSS 3.x base score 7.0)
- CVSS v4: 7.3
- EPSS exploit prediction: 1% (42nd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-47355
- Weakness: CWE-923
- Affected product: Docker Desktop
- Published:
- Last modified:
Description
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.
Frequently asked questions
- What is CVE-2024-6222?
- In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.
- How severe is CVE-2024-6222?
- CVE-2024-6222 has a CVSS 3.x base score of 7.0, rated high severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2024-6222 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (42nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-6222?
- CVE-2024-6222 affects Docker Desktop. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2024-6222?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2024-6222 have an EU (EUVD) identifier?
- Yes. CVE-2024-6222 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-47355.
- When was CVE-2024-6222 published?
- CVE-2024-6222 was published on 2024-07-09 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
More vulnerabilities in Docker Desktop
- CVE-2024-8696 — Critical (CVSS 9.8): A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a…
- CVE-2024-8695 — Critical (CVSS 9.8): A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious…
- CVE-2026-2664 — High (CVSS 7.8): An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for…
- CVE-2025-3224 — High (CVSS 7.8): A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local,…
- CVE-2022-37326 — High (CVSS 7.8): Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2…
- CVE-2021-37841 — High (CVSS 7.8): Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the…
All CVEs affecting Docker Desktop →
Other CWE-923 vulnerabilities
- CVE-2019-17440 — Critical (CVSS 10.0): Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation…
- CVE-2024-41889 — Critical (CVSS 9.8): Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited,…
- CVE-2026-34205 — Critical (CVSS 9.6): Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps…
- CVE-2023-28078 — Critical (CVSS 9.1): Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A…
- CVE-2025-61939 — High (CVSS 8.8): An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual…
- CVE-2025-20261 — High (CVSS 8.8): A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series,…