CVE-2024-40635
Published 2025-03-17
Priority: P3 · 41 · high · CVSS 3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.27% (19.2th percentile)
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| containerd | containerd | < 1.6.38 | 1.6.38 |
| containerd | containerd | — | — |
| containerd | containerd | — | — |
| containerd | containerd | >= 0 < 1.4.13~ds1-1~deb11u5 | 1.4.13~ds1-1~deb11u5 |
| containerd | containerd | >= 0 < 1.6.20~ds1-1+deb12u2 | 1.6.20~ds1-1+deb12u2 |
| containerd | containerd | >= 0 < 1.7.24~ds1-6 | 1.7.24~ds1-6 |
| containerd | containerd | >= 0 < 1.7.24~ds1-6 | 1.7.24~ds1-6 |
| debian | containerd | < containerd 1.6.20~ds1-1+deb12u2 (bookworm) | containerd 1.6.20~ds1-1+deb12u2 (bookworm) |
| debian | debian_linux | — | — |
| github.com | containerd_containerd | >= 0 < 1.6.38 | 1.6.38 |
| github.com | containerd_containerd | >= 1.7.0-beta.0 < 1.7.27 | 1.7.27 |
| github.com | containerd_containerd | >= 1.7.27 < 1.7.32 | 1.7.32 |
| github.com | containerd_containerd_v2 | >= 0 < 2.0.4 | 2.0.4 |
| github.com | containerd_containerd_v2 | >= 2.0.4 < 2.0.9 | 2.0.9 |
| github.com | containerd_containerd_v2 | >= 2.1.0-beta.0 < 2.2.4 | 2.2.4 |
| github.com | containerd_containerd_v2 | >= 2.3.0-beta.0 < 2.3.1 | 2.3.1 |
| linuxfoundation | containerd | < 1.6.38 | 1.6.38 |
| linuxfoundation | containerd | >= 1.7.0 < 1.7.27 | 1.7.27 |
| linuxfoundation | containerd | >= 2.0.0 < 2.0.4 | 2.0.4 |
| msrc | azl3_containerd2_2.0.0-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_containerd2_2.0.0-9_on_azure_linux_3.0 | — | — |
| msrc | azl3_containerd_1.7.13-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-containerd-cc_1.7.7-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_moby-containerd-cc_1.7.7-11_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_moby-containerd_1.6.26-11_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa | 7.8 | HIGH | — |
| osv | 7.8 | HIGH | — |
| vendor_debian | 4.6 | MEDIUM | — |
| vendor_msrc | 4.6 | MEDIUM | — |
| vendor_redhat | 4.6 | MEDIUM | — |
Ubuntu
containerd vulnerability
vendor_ubuntu·2025-03-26
CVE-2024-40635 containerd vulnerability
Title: containerd vulnerability
Summary: containerd could be made to behave unexpectedly.
Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
containerd: containerd has an integer overflow in User ID handling
vendor_redhat·2025-03-17·CVSS 4.6
CVE-2024-40635 [MEDIUM] CWE-190 containerd: containerd has an integer overflow in User ID handling
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
A flaw was found in containerd package. Containers launched with a User set as a UID:GID larger than the maximum 32-bit signed inte
Microsoft
containerd has an integer overflow in User ID handling
vendor_msrc·2025-03-11·CVSS 4.6
CVE-2024-40635 [MEDIUM] CWE-190 containerd has an integer overflow in User ID handling
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://
Debian
CVE-2024-40635: containerd - containerd is an open-source container runtime. A bug was found in containerd pr...
vendor_debian·2024·CVSS 4.6
CVE-2024-40635 [MEDIUM] CVE-2024-40635: containerd - containerd is an open-source container runtime. A bug was found in containerd pr...
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Scope: local
bookworm: resolved (fixed in 1.6.20~ds1-1+deb12u2)
bullseye: resolved (fixed in 1.4.13~ds1-1~deb11u5)
forky: resolved (fixed in 1.7.24~ds1-6)
sid: resolved (fixed in 1.7.24~ds1-6)
trixie:
GHSA
containerd user ID handling bypass allows runAsNonRoot evasion
ghsa·2026-05-21·CVSS 7.8
CVE-2026-46680 [HIGH] CWE-843 containerd user ID handling bypass allows runAsNonRoot evasion
### Impact
A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes `runAsNonRoot` restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.
### Patches
This bug has been fixed in the following containerd versions:
* 2.3.1
* 2.2.4
* 2.0.9
* 1.7.32
Note: The containerd 2.1 release has reached its [end of life](https://containerd.io/releases/#current-state-of-containerd-releases) and a f
OSV
containerd has an integer overflow in User ID handling in github.com/containerd/containerd
osv·2025-03-18
CVE-2024-40635 containerd has an integer overflow in User ID handling in github.com/containerd/containerd
GHSA
containerd has an integer overflow in User ID handling
ghsa·2025-03-17·CVSS 7.8
CVE-2024-40635 [HIGH] CWE-190 containerd has an integer overflow in User ID handling
### Impact
A bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.
### Patches
This bug has been fixed in the following containerd versions:
* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)
* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)
* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)
Users s
OSV
CVE-2024-40635: containerd is an open-source container runtime
osv·2025-03-17·CVSS 7.8
CVE-2024-40635 [HIGH] CVE-2024-40635: containerd is an open-source container runtime
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
OSV
containerd has an integer overflow in User ID handling
osv·2025-03-17·CVSS 7.8
CVE-2024-40635 [HIGH] containerd has an integer overflow in User ID handling
### Impact
A bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.
### Patches
This bug has been fixed in the following containerd versions:
* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)
* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)
* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)
Users s
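As an added example (not containerd's code or its actual fix), the two `User` parsing mistakes the advisories above describe, the 32-bit narrowing of CVE-2024-40635 and the numeric-string-as-username fallback of CVE-2026-46680, beside a strict parser that refuses both; the passwd map and every input value are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed passwd entries (name -> UID), standing in for a parsed /etc/passwd.
// The second entry is the crafted one: an oversized digit string mapped to UID 0.
var samplePasswd = map[string]uint32{"root": 0, "99999999999999999999": 0, "app": 1000}

// naiveUID reproduces both failure modes: a 64-bit parse narrowed to uint32
// wraps 4294967296 to 0 (CVE-2024-40635), and a value too large to parse at all
// falls back to a name lookup that the crafted passwd resolves to 0 (CVE-2026-46680).
func naiveUID(user string, passwd map[string]uint32) (uint32, error) {
	name := strings.SplitN(user, ":", 2)[0]
	if v, err := strconv.ParseInt(name, 10, 64); err == nil {
		return uint32(v), nil // silent truncation: 4294967296 -> 0
	}
	if uid, ok := passwd[name]; ok {
		return uid, nil
	}
	return 0, errors.New("unknown user")
}

// strictUID parses the UID part of "UID[:GID]" as an unsigned 32-bit value and
// never treats a digit-only string that does not fit as a user name.
func strictUID(user string, passwd map[string]uint32) (uint32, error) {
	name := strings.SplitN(user, ":", 2)[0]
	if uid, err := strconv.ParseUint(name, 10, 32); err == nil {
		return uint32(uid), nil
	}
	if strings.Trim(name, "0123456789") == "" {
		return 0, fmt.Errorf("uid %q does not fit in 32 bits", name)
	}
	if uid, ok := passwd[name]; ok {
		return uid, nil
	}
	return 0, errors.New("unknown user")
}

func main() {
	for _, u := range []string{"4294967296:4294967296", "99999999999999999999", "1000:1000", "app"} {
		n, _ := naiveUID(u, samplePasswd)
		s, err := strictUID(u, samplePasswd)
		fmt.Printf("%-22s naive=%d strict=%d err=%v\n", u, n, s, err)
	}
}
```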
No detection rules found.
No public exploits indexed.
* https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da
* https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20
* https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a
* https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg
* https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html