32 matches found
OESA-2026-2893 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...
github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning
A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...
github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...
GO-2026-5338 containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd
containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface CDI annotations into checkpoint image metadata, which are then trusted an...
github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...
[SECURITY] Fedora 43 Update: cri-o1.34-1.34.2-1.fc43
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 43 Update: cri-o1.32-1.32.10-1.fc43
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.34-1.34.2-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.32-1.32.10-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.32-1.32.10-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.34-1.34.2-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
containerd affected by a local privilege escalation via wide permissions on CRI directory
...
CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
[SECURITY] Fedora 41 Update: cri-o1.33-1.33.5-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.31-1.31.13-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.32-1.32.9-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
Linux Distros Unpatched Vulnerability : CVE-2021-21334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...
[SECURITY] Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42
CLI and validation tools for Kubelet Container Runtime Interface CRI...