CVE-2024-25621
CVE-2024-25621 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. The directories `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include having a system administrator manually chmod these directories on the host so that they are not group- or world-accessible, or running containerd in rootless mode.
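The following audit script is an added example, not containerd's own code. It checks the three directories named above for any group or world permission bits (the advisory does not state the exact incorrect mode, so any such bit is treated as too broad) and, when `CONTAINERD_FIX=1` is set, applies the chmod workaround. It assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added audit for CVE-2024-25621 (example code, not part of containerd).
# Reports containerd directories that are group/world-accessible and,
# when CONTAINERD_FIX=1 is set, applies the advisory's chmod workaround.
# Assumes GNU coreutils stat (-c %a prints the octal mode).

CONTAINERD_DIRS="/var/lib/containerd /run/containerd/io.containerd.grpc.v1.cri /run/containerd/io.containerd.sandbox.controller.v1.shim"

# mode_is_broad OCTAL: true (0) when the mode grants any permission to
# group or others. Accepts 3- or 4-digit octal strings (e.g. 755, 0700).
mode_is_broad() {
    mode=$1
    while [ ${#mode} -lt 3 ]; do mode=0$mode; done
    perms=${mode#"${mode%???}"}          # last three digits: owner/group/other
    group=${perms#?}; group=${group%?}   # middle digit (group)
    other=${perms#??}                    # last digit (others)
    [ "$group" != 0 ] || [ "$other" != 0 ]
}

# check_dir DIR: prints a verdict; returns 0 (ok), 1 (too broad), 2 (absent).
check_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ABSENT $dir"; return 2; }
    mode=$(stat -c %a "$dir")
    if mode_is_broad "$mode"; then
        echo "BROAD  $dir (mode $mode)"; return 1
    fi
    echo "OK     $dir (mode $mode)"
}

# tighten_dir DIR: the advisory's workaround, drop group and world access.
tighten_dir() {
    chmod go-rwx "$1"
}

# audit_containerd_dirs: check every path in CONTAINERD_DIRS; fix when
# CONTAINERD_FIX=1. Returns 1 if any existing directory was too broad.
audit_containerd_dirs() {
    status=0
    for d in $CONTAINERD_DIRS; do
        if ! check_dir "$d" && [ -d "$d" ]; then
            status=1
            [ "${CONTAINERD_FIX:-0}" = 1 ] && tighten_dir "$d" && echo "FIXED  $d"
        fi
    done
    return $status
}

audit_containerd_dirs
```

Run it as root on the host; a non-zero exit status means at least one directory still needs the workaround or the upgrade to a fixed version.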
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linuxfoundation | Containerd | < 1.7.29 | — |
| Linuxfoundation | Containerd | >= 2.0.0, < 2.0.7 | — |
| Linuxfoundation | Containerd | >= 2.1.0, < 2.1.5 | — |
| Linuxfoundation | Containerd | 2.2.0 | Beta0 |
Source: NVD / NIST
