CVE-2021-43816Improper Preservation of Permissions in Containerd Containerd

CWE-281Improper Preservation of Permissions8 documents6 sources
Severity
9.1CRITICALNVD
CNA8.0
EPSS
0.1%
top 64.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ContainerdGithub.com Containerd ContainerdLinuxfoundation Containerd+1 more
Timeline
PublishedJan 5
Latest updateAug 21

Description

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostna

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

NVDlinuxfoundation/containerd1.5.11.5.9+1
Debiancontainerd/containerd< 1.5.9~ds1-1+2
CVEListV5containerd/containerd>= 1.5.0, < 1.5.9

Also affects: Fedora 34, 35

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux in github.com/containerd/containerd2024-08-21
OSV
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux2022-01-06
GHSA
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux2022-01-06
CVEList
Improper Preservation of Permissions in containerd2022-01-05
OSV
CVE-2021-43816: containerd is an open source container runtime2022-01-05

📋Vendor Advisories

2
Red Hat
containerd: Unprivileged pod may bind mount any privileged regular file on disk2022-01-05
Debian
CVE-2021-43816: containerd - containerd is an open source container runtime. On installations using SELinux, ...2021
CVE-2021-43816 — Improper Preservation of Permissions | cvebase