Intel

AIKIDO-2024-10009

github.com/containerd/containerd is vulnerable to Remote Code Execution (RCE)

Remote Code Execution (RCE)CVE-2024-21626 Published Jan 31, 2024

86

High Risk

This Affects:

Gogithub.com/containerd/containerd
1.0.0 - 1.6.27
Fixed in 1.6.28
1.7.0 - 1.7.12
Fixed in 1.7.13
Are you affected? Scan for Free

TL;DR

Affected versions of this library are vulnerable to container breakout, allowing attackers to escape the container's isolation.

Who does this affect?

You use containerd to run untrusted images.

Background info

github.com/containerd/containerd is vulnerable to Remote Code Execution (RCE) in versions 1.0.0 - 1.6.27 and 1.7.0 - 1.7.12.

How to fix this

Upgrade containerd to any of the patched versions

Links

Other

aws.amazon.com/security/security-bulletins/AWS-2024-001/
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/
packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html
openwall.com/lists/oss-security/2024/02/01/1
http://www.openwall.com/lists/oss-security/2024/02/01/1
openwall.com/lists/oss-security/2024/02/02/3
http://www.openwall.com/lists/oss-security/2024/02/02/3
lists.debian.org/debian-lts-announce/2024/02/msg00005.html
https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/
vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626
https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626
access.redhat.com/errata/RHSA-2024:0645
https://access.redhat.com/errata/RHSA-2024:0645
access.redhat.com/errata/RHSA-2024:0662
https://access.redhat.com/errata/RHSA-2024:0662
access.redhat.com/errata/RHSA-2024:0666
https://access.redhat.com/errata/RHSA-2024:0666
access.redhat.com/errata/RHSA-2024:0670
https://access.redhat.com/errata/RHSA-2024:0670
access.redhat.com/errata/RHSA-2024:0684
https://access.redhat.com/errata/RHSA-2024:0684
access.redhat.com/errata/RHSA-2024:0717
https://access.redhat.com/errata/RHSA-2024:0717
access.redhat.com/errata/RHSA-2024:0748
https://access.redhat.com/errata/RHSA-2024:0748
access.redhat.com/errata/RHSA-2024:0752
https://access.redhat.com/errata/RHSA-2024:0752
access.redhat.com/errata/RHSA-2024:0755
https://access.redhat.com/errata/RHSA-2024:0755
access.redhat.com/errata/RHSA-2024:0756
https://access.redhat.com/errata/RHSA-2024:0756
access.redhat.com/errata/RHSA-2024:0757
https://access.redhat.com/errata/RHSA-2024:0757
access.redhat.com/errata/RHSA-2024:0758
https://access.redhat.com/errata/RHSA-2024:0758
access.redhat.com/errata/RHSA-2024:0759
https://access.redhat.com/errata/RHSA-2024:0759
access.redhat.com/errata/RHSA-2024:0760
https://access.redhat.com/errata/RHSA-2024:0760
access.redhat.com/errata/RHSA-2024:0764
https://access.redhat.com/errata/RHSA-2024:0764
access.redhat.com/errata/RHSA-2024:10149
https://access.redhat.com/errata/RHSA-2024:10149
access.redhat.com/errata/RHSA-2024:10520
https://access.redhat.com/errata/RHSA-2024:10520
access.redhat.com/errata/RHSA-2024:10525
https://access.redhat.com/errata/RHSA-2024:10525
access.redhat.com/errata/RHSA-2024:10841
https://access.redhat.com/errata/RHSA-2024:10841
access.redhat.com/errata/RHSA-2024:1270
https://access.redhat.com/errata/RHSA-2024:1270
access.redhat.com/errata/RHSA-2024:4597
https://access.redhat.com/errata/RHSA-2024:4597
access.redhat.com/errata/RHSA-2025:0115
https://access.redhat.com/errata/RHSA-2025:0115
access.redhat.com/errata/RHSA-2025:0650
https://access.redhat.com/errata/RHSA-2025:0650
access.redhat.com/errata/RHSA-2025:1711
https://access.redhat.com/errata/RHSA-2025:1711
access.redhat.com/errata/RHSA-2025:2441
https://access.redhat.com/errata/RHSA-2025:2441
access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/errata/RHSA-2025:2701
access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/errata/RHSA-2025:2710
access.redhat.com/security/cve/CVE-2024-21626
https://access.redhat.com/security/cve/CVE-2024-21626
bugzilla.redhat.com/show_bug.cgi?id=2258725
https://bugzilla.redhat.com/show_bug.cgi?id=2258725
security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21626.json