CVE-2020-15257 — Incorrect Resource Transfer Between Spheres in Containerd
Severity
5.2 MEDIUM (NVD)
EPSS
11.1%
top 6.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 1
Latest update: Aug 21
Description
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 2.0 | Impact: 2.7
Affected Packages: 4 packages
Also affects: Debian Linux 10.0, Fedora 33