Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.

Published

2022-01-05T19:15:08.717

Last Modified

2024-11-21T06:29:51.197

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-281
Type: Primary
CWE-281

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	containerd	< 1.5.9	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Application	linuxfoundation	containerd	1.5.0	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	fedoraproject	fedora	35	Yes

References

https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea Patch, Third Party Advisory ([email protected])
https://github.com/containerd/containerd/issues/6194 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c Third Party Advisory ([email protected])
https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299 Patch, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/ ([email protected])
https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containerd/containerd/issues/6194 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/ (af854a3a-2127-422b-91ae-364da2661108)