CVE-2024-40635

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-40635
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 2.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da
https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20
https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a
https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg
https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html
Configurations

No configuration.

History

04 May 2025, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html -
Summary
  • (es) Containerd es un entorno de ejecución de contenedores de código abierto. Se detectó un error en containerd anterior a las versiones 1.6.38, 1.7.27 y 2.0.4. Al iniciar contenedores con un usuario definido como `UID:GID` mayor que el entero con signo de 32 bits máximo, se podía producir un desbordamiento, lo que provocaba que el contenedor se ejecutara como root (UID 0). Esto podía causar un comportamiento inesperado en entornos que requieren que los contenedores se ejecuten como un usuario no root. Este error se ha corregido en containerd 1.6.38, 1.7.27 y 2.04. Como workaround, asegúrese de que solo se utilicen imágenes de confianza y de que solo los usuarios de confianza tengan permisos para importar imágenes.

17 Mar 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-17 22:15

Updated : 2025-05-04 22:15

NVD link : CVE-2024-40635

Mitre link : CVE-2024-40635

CVE.ORG link : CVE-2024-40635

JSON object : View

Products Affected

No product.

CWE
CWE-190

Integer Overflow or Wraparound