9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%
containerd is an open source container runtime. On installations using
SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with
containerd since v1.5.0-beta.0 as the backing container runtime interface
(CRI), an unprivileged pod scheduled to the node may bind mount, via
hostPath volume, any privileged, regular file on disk for complete
read/write access (sans delete). Such is achieved by placing the
in-container location of the hostPath volume mount at either /etc/hosts
,
/etc/hostname
, or /etc/resolv.conf
. These locations are being relabeled
indiscriminately to match the container process-label which effectively
elevates permissions for savvy containers that would not normally be able
to access privileged host files. This issue has been resolved in version
1.5.9. Users are advised to upgrade as soon as possible.
Author | Note |
---|---|
alexmurray | This vulnerability is specific to when using containerd with SELinux, whilst SELinux is supported on Ubuntu it is not enabled by default. Hence setting the priority of this CVE to low. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | containerd | <ย 1.5.9-0ubuntu1~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | containerd | <ย 1.5.9-0ubuntu1~20.04.4 | UNKNOWN |
ubuntu | 21.10 | noarch | containerd | <ย 1.5.9-0ubuntu1~21.10.3 | UNKNOWN |
ubuntu | 22.04 | noarch | containerd | <ย 1.5.9-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | containerd | <ย 1.5.9-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | containerd | <ย 1.5.9-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | containerd | <ย 1.5.9-0ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | containerd | <ย any | UNKNOWN |
github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299
launchpad.net/bugs/cve/CVE-2021-43816
nvd.nist.gov/vuln/detail/CVE-2021-43816
security-tracker.debian.org/tracker/CVE-2021-43816
www.cve.org/CVERecord?id=CVE-2021-43816
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%