CVE-2026-2664 — Docker Desktop grpcfuse Out-of-Bounds Read
CVE: CVE-2026-2664
Severity: Medium (CVSS 4.0 base score ~6.8)
Exploitability: Local, low privileges required
Exploit Availability: No confirmed public proof-of-concept available
Primary Impact: Memory read out of bounds in kernel component
Affected Software: Docker Desktop up to 4.61.0 (Windows/macOS/Linux)
Fixed In: Docker Desktop 4.62.0
Vulnerability Overview
This issue is a classic out-of-bounds read in the grpcfuse kernel module that lives inside the Linux virtual machine Docker Desktop uses under the hood. This module handles certain internal filesystem interfaces that Docker Desktop provides, especially those under /proc/docker.
At a high level this weakness exists because the code that processes input from a user-controlled source does not correctly bound how much it reads before accessing memory. When someone writes data to a proc entry Docker Desktop exposes, the kernel module can read past the end of its buffer. That triggers unexpected memory access.
The result is not a guaranteed remote kernel compromise, but it can allow a local attacker to read memory that should not be exposed, potentially disclosing sensitive kernel or process data. It could also lead to a crash of the affected component, which amounts to a denial of service.
This is not a remote bug — an attacker must already have local access to the system where Docker Desktop is installed. Because of that local requirement, it’s classified as medium severity even though the consequences of leakage could be serious in some environments.
How the Vulnerability Works
The underlying flaw occurs during processing of input written to certain Docker-related entries in the Linux procfs (pseudo-filesystem). When a low-privileged process writes data to these entries, the grpcfuse code takes that data and proceeds to parse or inspect it.
At one or more points it uses that parsed size information to govern memory access — but because the bounds checks are incorrect it can end up reading beyond the limits of its allocated buffer. In kernel space that typically means trying to read memory immediately after the intended buffer and returning it to user space or logging it.
Even though the exact internal logic is not publicly documented by the vendor, the general pattern is:
- user process writes to /proc/docker/someentry
- grpcfuse code reads that input
- buffer length is not correctly validated
- code reads past end of buffer memory
- attacker sees leaked memory or triggers a crash
Because this is a read past the buffer, an attacker cannot directly overwrite kernel memory with arbitrary data — that would be write-out-of-bounds and require a different kind of flaw. But read-out-of-bounds can still leak confidential details from memory and undermine system confidentiality.
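The pattern in the list above, as an added model written for this page (it is not the grpcfuse source, which Docker has not published): a write handler takes a length field from the user's payload and uses it, unchecked, to decide how many bytes of a fixed-size buffer to hand back. The wire format (2-byte big-endian length plus body), the 16-byte buffer, and the "secret" bytes placed right after it are all constructed here so the leak is observable. Python slicing clamps at the end of the bytearray, so the model shows the information-disclosure outcome but not the page fault that the same read could cause in the kernel.

```python
"""Model of the bug class: a procfs-style write handler that trusts a
length field from user input and reads that many bytes from a fixed
buffer, returning whatever sits next to it.

Illustrative code for this page only. Not the grpcfuse implementation;
the record layout, buffer size and adjacent "secret" are constructed.
"""
import struct

BUF_SIZE = 16

# Constructed "kernel memory": the 16 bytes the handler may legitimately
# return, immediately followed by data that must never reach user space.
_KERNEL_MEMORY = bytearray(b"A" * BUF_SIZE + b"SECRET_KEY=0xdeadbeef")
SECRET = bytes(_KERNEL_MEMORY[BUF_SIZE:])


def parse_request(payload: bytes):
    """Parse the constructed wire format: 2-byte big-endian length, then body."""
    if len(payload) < 2:
        raise ValueError("short write")  # the EINVAL case
    (length,) = struct.unpack(">H", payload[:2])
    return length, payload[2:]


def handle_write_vulnerable(payload: bytes) -> bytes:
    """Trusts `length` from the request: the read window is attacker-controlled."""
    length, _body = parse_request(payload)
    # Missing check that length <= BUF_SIZE. In a real kernel this read keeps
    # going into adjacent memory (leak) or into an unmapped page (oops).
    return bytes(_KERNEL_MEMORY[0:length])


def handle_write_fixed(payload: bytes) -> bytes:
    """Same handler with the bounds check the advisory says the fix adds."""
    length, _body = parse_request(payload)
    if length > BUF_SIZE:
        raise ValueError("length exceeds buffer")  # reject; never clamp silently
    return bytes(_KERNEL_MEMORY[0:length])


def craft_request(length: int) -> bytes:
    """Attacker side: ask the handler for `length` bytes."""
    return struct.pack(">H", length) + b"x"


def leaked_bytes(response: bytes) -> bytes:
    """Portion of a handler response that came from outside the buffer."""
    return response[BUF_SIZE:]


def fixed_rejects(length: int) -> bool:
    """True if the hardened handler refuses a request for `length` bytes."""
    try:
        handle_write_fixed(craft_request(length))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    oversized = craft_request(40)
    print("vulnerable leaks:", leaked_bytes(handle_write_vulnerable(oversized)))
    print("fixed rejects 40-byte read:", fixed_rejects(40))
```

The hardened variant rejects rather than clamps: silently truncating an oversized length hides malformed input from callers and from logs, and the advisory's detection section depends on those malformed writes being visible.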
Potential Exploitation Scenarios
Even though there is no confirmed public exploit at the time of disclosure, the theoretical exploitation path looks like this:
- A local user (possibly inside a container) with low privileges finds a way to write a specially crafted input to a Docker Desktop proc entry.
- That input triggers the grpcfuse code to read beyond its expected buffer.
- Depending on how the code handles that invalid read, one of the following happens:
  - Kernel prints back adjacent memory content to logs or returns it on read, disclosing information;
  - Kernel experiences a panic or oops, causing Docker Desktop's Linux VM or service to crash;
  - In a chained scenario with other local flaws, the read could be abused as part of a larger privilege escalation.
Important: Because the flaw is a read, not a write or execution bug, it does not directly allow privileged execution or remote takeover on its own. But it does create the conditions where memory contents can be leaked to local attackers.
Detecting Attempts or Abuse
Detection for this type of vulnerability revolves around monitoring access patterns and abnormal kernel behavior.
1. Watch for Writes to Critical Proc Entries
Processes that should not normally interact with /proc/docker should be monitored.
Set up monitoring (using auditd or similar):
auditctl -w /proc/docker -p w -k docker_proc_write
This rule logs every open-for-write of an entry directly under /proc/docker, which is the entry point an attacker would use to trigger this flaw. Two caveats: a -w watch on a directory is not recursive, so for a deeper tree use a syscall rule such as auditctl -a always,exit -F dir=/proc/docker -F perm=w -k docker_proc_write; and the rule has to be loaded in the kernel where grpcfuse runs, i.e. inside the Docker Desktop Linux VM. auditd on a macOS or Windows host sees nothing of the guest's procfs.
Look for unusual users, processes, or containers performing these writes.
2. Kernel Messages and Crash Logs
An out-of-bounds read in kernel space often generates recognizable output:
- Kernel oops messages with stack traces
- Messages referencing grpcfuse or related module symbols
- Repeated crashes of the Docker Desktop VM component
Monitor the VM's kernel log (e.g., dmesg or journalctl -k run inside the Docker Desktop Linux VM; the host's own kernel log will not contain it) for patterns like:
- kernel: BUG: or Oops: lines (on a KASAN-enabled kernel, BUG: KASAN: slab-out-of-bounds) whose stack trace mentions grpcfuse
- "memory read beyond boundary" (simple keyword search; a search term, not a literal kernel string)
- VM restart messages correlated with /proc/docker events
3. Behavior Indicators
Although this isn't a write or remote abuse, the following behaviors are suspicious:
- Containers or low-privileged processes that should not be interacting with Docker internals are writing to /proc/docker.
- Frequent Docker Desktop VM restarts or spikes in kernel error logs.
- Unexplained information leaking in logs immediately after suspicious procfs actions.
Detection Queries
Modern SIEM or log analysis tools can use queries like:
ELK / Kibana
event.dataset: "linux.syslog" AND (
message: "grpcfuse" OR
message: "kernel oops" OR
message: "/proc/docker"
)
Splunk
index=kernel_logs (message="*grpcfuse*" OR message="*oops*" OR message="/proc/docker*")
| stats count by host, message
Windows Event Forwarding (for Docker Desktop on Windows)
If Docker Desktop is running under WSL2:
EventID=2001 OR EventID=2011
Message="docker" OR Message="grpcfuse"
(The above is meant to capture WSL-related errors correlated with Docker Desktop. The event IDs are not tied to a documented provider, so treat them as placeholders and validate them against the provider you actually collect before alerting on them. Whether Docker Desktop uses the WSL 2 or the Hyper-V backend, an oops inside the Linux VM is written to that VM's kernel log, not to the Windows event log; Windows events only surface host-side symptoms such as the VM service restarting.)
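The detection logic from sections 1 through 3 above, as an added example written for this page (not tooling shipped by Docker): it joins auditd SYSCALL and PATH records produced by the -k docker_proc_write rule, keeps kernel lines that carry an oops/BUG/KASAN banner or the module name, and raises an alert for any keyed write from a process outside a small allowlist and for any kernel indicator that follows such a write within a time window. The audit and kernel lines are constructed; the kernel lines use the journalctl -k -o short-unix format so both sources share an epoch timebase, and the symbol name in the RIP line is invented for illustration.

```python
"""Correlate auditd records for writes under /proc/docker with kernel log
lines that mention grpcfuse or an oops.

Added example for this page, not Docker tooling. Both inputs must come
from inside the Docker Desktop Linux VM, where grpcfuse runs. Sample
lines below are constructed.
"""
import re
from collections import defaultdict

AUDIT_TS_RE = re.compile(r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\)")
AUDIT_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Kernel-side indicators: oops/BUG banner, KASAN report, or the module name.
KERNEL_INDICATOR_RE = re.compile(r"\bBUG:|\bOops:|KASAN|grpcfuse", re.IGNORECASE)
# journalctl -k -o short-unix: "<epoch> <host> kernel: <message>"
KERNEL_LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+\S+\s+kernel:\s*(?P<msg>.*)$")

# Constructed sample input: one write from a low-privileged shell, one from dockerd.
AUDIT_LOG = """\
type=SYSCALL msg=audit(1735689600.101:412): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=4100 pid=4242 auid=4294967295 uid=1000 gid=1000 comm="sh" exe="/bin/busybox" key="docker_proc_write"
type=PATH msg=audit(1735689600.101:412): item=0 name="/proc/docker/someentry" inode=12345 dev=00:05 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1735689900.500:519): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=1 pid=7 auid=4294967295 uid=0 gid=0 comm="dockerd" exe="/usr/bin/dockerd" key="docker_proc_write"
type=PATH msg=audit(1735689900.500:519): item=0 name="/proc/docker/someentry" inode=12345 dev=00:05 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
"""

# Constructed kernel log; "proc_write_handler" is an invented symbol name.
KERNEL_LOG = """\
1735689598.000000 docker-desktop kernel: grpcfuse: module loaded
1735689602.250000 docker-desktop kernel: BUG: unable to handle page fault for address: ffff8880deadbe00
1735689602.250100 docker-desktop kernel: Oops: 0000 [#1] SMP
1735689602.250200 docker-desktop kernel: RIP: 0010:proc_write_handler+0x1f/0x80 [grpcfuse]
1735689950.000000 docker-desktop kernel: eth0: link up
"""


def _fields(record: str) -> dict:
    """key=value pairs of one audit record, quotes stripped."""
    return {k: v.strip('"') for k, v in AUDIT_FIELD_RE.findall(record)}


def parse_audit(text: str) -> list:
    """Join SYSCALL and PATH records by audit serial; one event per keyed write."""
    syscalls, paths = {}, defaultdict(list)
    for line in text.splitlines():
        m = AUDIT_TS_RE.search(line)
        if not m:
            continue
        f = _fields(line)
        serial = m.group("serial")
        if f.get("type") == "SYSCALL" and f.get("key") == "docker_proc_write":
            syscalls[serial] = {"ts": float(m.group("ts")), "pid": int(f["pid"]),
                                "uid": int(f["uid"]), "comm": f.get("comm", "?")}
        elif f.get("type") == "PATH":
            paths[serial].append(f.get("name", ""))
    events = []
    for serial, ev in syscalls.items():
        ev["paths"] = [p for p in paths[serial] if p.startswith("/proc/docker")]
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def parse_kernel(text: str) -> list:
    """Keep only kernel lines carrying one of the indicators above."""
    hits = []
    for line in text.splitlines():
        m = KERNEL_LINE_RE.match(line)
        if m and KERNEL_INDICATOR_RE.search(m.group("msg")):
            hits.append({"ts": float(m.group("ts")), "msg": m.group("msg")})
    return hits


def correlate(audit_events, kernel_hits, window_s=10.0, trusted_comms=("dockerd",)):
    """Alert on (a) keyed writes from non-allowlisted processes and
    (b) kernel indicators that follow any keyed write within window_s."""
    alerts = []
    for ev in audit_events:
        if ev["comm"] not in trusted_comms:
            alerts.append({"kind": "unexpected_proc_docker_write", "ts": ev["ts"],
                           "pid": ev["pid"], "uid": ev["uid"], "comm": ev["comm"],
                           "paths": ev["paths"]})
    for hit in kernel_hits:
        # Only writes that happened at or before the kernel message count.
        culprits = [ev for ev in audit_events if 0 <= hit["ts"] - ev["ts"] <= window_s]
        if culprits:
            alerts.append({"kind": "kernel_indicator_after_proc_docker_write",
                           "ts": hit["ts"], "msg": hit["msg"],
                           "writer_pids": [c["pid"] for c in culprits]})
    return alerts


def run(audit_text=AUDIT_LOG, kernel_text=KERNEL_LOG) -> list:
    return correlate(parse_audit(audit_text), parse_kernel(kernel_text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The allowlist keys on comm only to keep the example short; comm is attacker-controllable (a process can rename itself), so a production rule should key on exe, auid, and the container cgroup recorded by the audit subsystem instead. The "module loaded" line is deliberately included to show that an indicator preceding the write is not correlated with it.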
Proof-of-Concept and Exploitation Notes
At the time of writing:
- There is no widely published proof-of-concept exploit code that you can download and run.
- Because this is a local vulnerability, any publicly shared PoC is more likely to surface in exploit repositories or bug bounty disclosures than in mass-exploitation reporting, but as of now none is widely tracked.
- Creating a custom PoC typically involves writing malformed data to the right /proc/docker entry and observing a kernel oops or memory leakage.
Be aware that attempting to generate your own PoC on production systems can crash those systems or expose sensitive data; always test in isolated environments.
Mitigation and Remediation
The only official fix for this vulnerability is to apply the vendor update that includes the patch.
Upgrade affected Docker Desktop installations to version 4.62.0 or later using the release notes page linked below for your platform.
Once patched:
- The vulnerable grpcfuse routine is updated to validate buffer lengths properly before reading.
- The out-of-bounds read no longer occurs.
- Systems return to normal processing of /proc/docker interactions.
Beyond patching:
- Ensure that only trusted users have the ability to interact with Docker Desktop installations.
- Restrict non-privileged access to /proc/docker where possible.
- Keep kernel and container tooling up to date as part of normal patch cycles.
Summary — What You Need to Know
- This flaw isn’t remotely exploitable; it must be triggered by a local user or process with access.
- It can leak memory or crash components if abused.
- You detect abuse by watching for unexpected writes to /proc/docker and kernel errors.
- There is no confirmed public exploit code, but risk is real in multi-user or development machines.
- The fix is shipping now — upgrade to the patched Docker Desktop release.
Official patch link (only official link):
🔗 https://docs.docker.com/desktop/release-notes/#4620
