Docker is containerization software used to automate the deployment and management of applications within an isolated environment. It allows us to “pack” and ship an application, along with all of its needed files, libraries, and dependencies, into a “Docker container”. That container can then be easily ported to any Linux system that contains cgroups support within the kernel and provides a container management environment. Docker is one of several containerization implementations (not to be confused with virtualization) based on the cgroups mechanism built into the Linux kernel.
Minikube is a program written in Go that builds a local Kubernetes cluster on a single host. It uses a meager amount of resources to run a mini Kubernetes deployment. Minikube is mainly used for testing different scenarios or versions of Kubernetes.
Before we begin, let’s describe what Docker is. Docker is a set of virtualization tools that allows us to create, test, and deploy containerized applications quickly and easily on a dedicated server. It has become very popular and is used almost everywhere in our daily lives. Thanks to containerization, we can quickly launch applications on different cloud platforms using small bundles that contain all the packages, libraries, and configuration files needed to run an application. These Docker packages communicate via established network channels.
VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
Specifically, it is a flaw in how QEMU handles out-of-bounds memory access. Exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.
Made public on May 13, 2015
The flaw is in QEMU, a generic and open source machine emulator.
Allows an attacker to access other virtual machines outside of their own.