Описание
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Меры по смягчению последствий
To mitigate this vulnerability, ensure that only trusted images are used and that only trusted users have permissions to import images.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai-tech-preview/assisted-installer-agent-rhel8 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | ||
| Deployment Validation Operator | deployment-validation-operator-container | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel9 | Fix deferred | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-validation-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.6 Medium
CVSS3
Связанные уязвимости
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
containerd is an open-source container runtime. A bug was found in con ...
EPSS
4.6 Medium
CVSS3