Docker BuildKit has a vulnerability (CVE-2024-23653) that lets an attacker escape the build container and run commands as root on the host when an image is built from a malicious Dockerfile or upstream image. The flaw is a missing privilege check in BuildKit's gRPC endpoint, which a malicious build can exploit to launch a privileged container at build time. BuildKit v0.12.5 fixes the issue, and users should update their BuildKit instances to that version or later. Snyk has also released two detection tools: a runtime detector built on eBPF-based instrumentation, and a static analysis detector that scans Dockerfiles and flags potential exploit attempts. Update container infrastructure as soon as possible; where that is not immediately possible, use these tools to evaluate risk and exposure.
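As an added example (not Snyk's detector and not BuildKit's own code), a small static check in the spirit of the Dockerfile analyser described above: it flags `# syntax=` directives that pull a custom, non-official frontend and `RUN` instructions that request the insecure security mode, the two build-time inputs a reviewer would want surfaced for this issue. The rule that a non-`docker/dockerfile` frontend is suspicious is this example's own heuristic, and the sample Dockerfiles and image names are constructed.

```python
import re

# Official Dockerfile frontend images (optionally tagged or digest-pinned);
# any other reference in a "# syntax=" directive is treated as a custom frontend.
OFFICIAL_FRONTEND = re.compile(
    r"^docker/dockerfile(?::[\w.-]+)?(?:@sha256:[0-9a-f]{64})?$")
SYNTAX_DIRECTIVE = re.compile(r"^#\s*syntax\s*=\s*(\S+)", re.IGNORECASE)
# RUN --security=insecure asks BuildKit for a privileged (non-sandboxed) step.
INSECURE_RUN = re.compile(r"^RUN\b.*--security=insecure\b", re.IGNORECASE)


def logical_lines(text: str):
    """Yield (first_line_number, joined_line), merging backslash continuations."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            start = n
        if line.endswith("\\") and not line.lstrip().startswith("#"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(part.strip() for part in buf).strip()
        buf = []
    if buf:  # dangling continuation at end of file
        yield start, " ".join(part.strip() for part in buf).strip()


def scan_dockerfile(text: str) -> list[tuple[int, str, str]]:
    """Return (line, rule, detail) findings for the contents of a Dockerfile."""
    findings = []
    for n, line in logical_lines(text):
        m = SYNTAX_DIRECTIVE.match(line)
        if m and not OFFICIAL_FRONTEND.match(m.group(1)):
            findings.append((n, "custom-frontend", m.group(1)))
        if INSECURE_RUN.match(line):
            findings.append((n, "insecure-security-mode", line))
    return findings


# Constructed samples: an official frontend with a continued privileged RUN,
# and a Dockerfile that pulls a custom frontend image (placeholder name).
SAMPLE = "# syntax=docker/dockerfile:1.6\nFROM alpine:3.19\n" \
         "RUN --security=insecure \\\n    echo build\n"
SAMPLE_CUSTOM = "# syntax=example.invalid/custom-frontend:latest\n" \
                "FROM alpine:3.19\nRUN true\n"

if __name__ == "__main__":
    for name, df in (("sample", SAMPLE), ("custom", SAMPLE_CUSTOM)):
        for n, rule, detail in scan_dockerfile(df):
            print(f"{name}:{n}: {rule}: {detail}")
```

A finding is a review prompt, not proof of an exploit: `--security=insecure` is only honoured when the build was started with the matching entitlement, so the check is most useful on builds accepting Dockerfiles from untrusted sources.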