AZL-58844 CVE-2024-40635 affecting package moby-containerd for versions less than 1.6.26-11

🗓️ 17 Mar 2025 22:15:13Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Containerd UID overflow can cause root execution for large UID:GID; fixed in 1.6.38, 1.7.27, 2.0.4.

Reporter	Title	Published	Views	Family All 243
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak	9 Jun 202519:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	16 Oct 202513:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an interger overflow in containerd [CVE-2024-40635]	1 May 202520:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	18 Aug 202504:29	–	ibm
IBM Security Bulletins	Security Bulletin: Containerd can cause an overflow condition where the container ultimately runs as root, which affects IBM watsonx.data	25 Jul 202512:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2024-40635)	28 Apr 202520:41	–	ibm
GithubExploit	Exploit for CVE-2024-40635	30 Apr 202516:22	–	githubexploit
Tenable Nessus	Amazon Linux 2023 : ecs-init (ALAS2023-2025-1015)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)	1 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : docker (ALAS2023-2025-987)	2 Jun 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-40635

21 Apr 2026 04:37Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.14.6 - 7.8

EPSS0.00064

SSVC