CVE-2022-38730: 
Docker Desktop vulnerability analysis and mitigation

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition (NVD, CyberArk).

The vulnerability exists in the Docker Desktop's Windows containers API where an attacker can control the data-root field in the DaemonJSON configuration. When the daemon creates the directory specified in data-root, a race condition can be exploited by changing the directory to a junction directory before the local-kv.db file is created, allowing arbitrary file writes. The vulnerability has a CVSS v3.1 Base Score of 6.3 MEDIUM (Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H) (NVD).

A successful exploitation of this vulnerability allows an attacker to overwrite any file on the system through a Time-of-Check-Time-of-Use (TOCTOU) race condition. This could lead to privilege escalation and system compromise (CyberArk).

The vulnerability was fixed in Docker Desktop version 4.6. Users should upgrade to version 4.6 or later to mitigate this vulnerability (Docker Release Notes).