| Title | Published | Views | Reporter |
|---|---|---|---|
| Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2022-23648, CVE-2022-32149) | 3 Jul 2025 09:32 | – | ibm |
| Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse® on Cloud Pak for Data | 19 Apr 2024 20:11 | – | ibm |
| Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities | 1 Mar 2024 19:27 | – | ibm |
| Security Bulletin: Open Source Dependency Vulnerability | 15 May 2023 18:50 | – | ibm |
| CVE-2021-43816 | 5 Jan 2022 18:55 | – | alpinelinux |
| CVE-2021-43816 | 5 Jan 2022 22:40 | – | circl |
| containerd permissions, privileges, and access control vulnerability | 5 Jan 2022 00:00 | – | cnnvd |
| CVE-2021-43816 | 5 Jan 2022 18:55 | – | cve |
| CVE-2021-43816 Improper Preservation of Permissions in containerd | 5 Jan 2022 18:55 | – | cvelist |
| CVE-2021-43816 | 5 Jan 2022 18:55 | – | debiancve |

| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/CVE-2021-43816 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |

```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(258741);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/30");

  script_cve_id("CVE-2021-43816");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2021-43816");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS,
RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime
interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any
privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing
the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or
`/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-
label which effectively elevates permissions for savvy containers that would not normally be able to
access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade
as soon as possible. (CVE-2021-43816)
Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2021-43816");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43816");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:containerd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "containerd"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');

var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
```
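
The plugin reports on the presence of the `containerd` package only. The condition named in its description (a hostPath volume mounted in the container at `/etc/hosts`, `/etc/hostname` or `/etc/resolv.conf`) can be audited from pod specs. The sketch below is an added example, not part of the Tenable plugin or of containerd; it assumes input shaped like `kubectl get pods -A -o json`, and the function name `find_risky_mounts` and the sample pods are constructed for illustration.

```python
import json
import posixpath

# In-container mount points named in the CVE-2021-43816 description.
RELABELED_PATHS = {"/etc/hosts", "/etc/hostname", "/etc/resolv.conf"}

def find_risky_mounts(pod_list):
    """Return (namespace, pod, container, mountPath, hostPath) tuples for
    hostPath volumes mounted at one of the relabeled paths."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # volume name -> host path, hostPath volumes only
        host_paths = {v["name"]: v["hostPath"].get("path", "")
                      for v in spec.get("volumes") or []
                      if isinstance(v.get("hostPath"), dict)}
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for c in containers:
            for m in c.get("volumeMounts") or []:
                # normpath folds "/etc//hosts" and "/etc/hosts/" to one form
                path = posixpath.normpath(m.get("mountPath", ""))
                if path in RELABELED_PATHS and m.get("name") in host_paths:
                    findings.append((meta.get("namespace", "default"), meta.get("name"),
                                     c.get("name"), path, host_paths[m["name"]]))
    return findings

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "dev", "name": "flagged"},
  "spec": {"volumes": [{"name": "h", "hostPath": {"path": "/opt/constructed/host-file"}}],
           "containers": [{"name": "app", "volumeMounts": [{"name": "h", "mountPath": "/etc/hosts/"}]}]}},
 {"metadata": {"namespace": "dev", "name": "configmap-dns"},
  "spec": {"volumes": [{"name": "d", "configMap": {"name": "dns"}}],
           "containers": [{"name": "app", "volumeMounts": [{"name": "d", "mountPath": "/etc/resolv.conf"}]}]}},
 {"metadata": {"namespace": "dev", "name": "hostpath-elsewhere"},
  "spec": {"volumes": [{"name": "l", "hostPath": {"path": "/var/log"}}],
           "containers": [{"name": "app", "volumeMounts": [{"name": "l", "mountPath": "/data"}]}]}}
]}
""")

if __name__ == "__main__":
    for finding in find_risky_mounts(SAMPLE):
        print("hostPath at relabeled location:", finding)
```

A finding matters only on nodes that match the rest of the description: SELinux enabled and containerd from v1.5.0-beta.0 up to, but not including, 1.5.9.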