CVE List
Containerd
Containers that launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host
<= 1.4.12
1.5.0 - 1.5.9
1.6.0
Insufficiently restricted permissions on container root and plugin directories
<1.4.11
<1.5.7
Archive package allows chmod of file outside of unpack target directory
<=1.4.7
<=1.5.3
containerd CRI plugin: environment variables can leak between containers
<=1.3.9
<= 1.4.3
containerd-shim API Exposed to Host Network Containers
<=1.3.7
1.4.0
1.4.1
containerd v1.2.x can be coerced into leaking credentials during image pull
< 1.3.0
CRI-O
Rights to deploy a pod on a Kubernetes cluster leads to abusing the kernel.core_pattern parameter
>1.19.0
Linux kernel
A use-after-free vulnerability in fs/ksmbd/smb2pdu.c
?
A type confusion bug in nft_set_elem_init that leads to a buffer overflow.
CAP_NET_ADMIN
A use-after-free vulnerability in the Netfilter subsystem
?
A use-after-free vulnerability in fs/io_uring.c due to a race condition in io_uring timeouts
-
A heap buffer overflow vulnerability in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c that allows a local attacker with a normal user privilege to overwrite kernel heap objects.
?
A use-after-free vulnerability when an io_uring request is being processed.
A use-after-free vulnerability in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel.
CAP_NET_ADMIN
An out-of-bounds memory access leads to privilege escalation
CAP_NET_ADMIN
A use-after-free flaw in io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.
?
A flaw in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem that allows a local user to cause an out-of-bounds write issue
CAP_NET_ADMIN
An out-of-bounds memory write flaw in watch_queue event notification subsystem that can overwrite parts of the kernel state.
?
A vulnerability which allows overwriting data in arbitrary read-only files and leads to privilege escalation via injecting code into root processes
CAP_DAC_READ_SEARCH
Missing verification allows setting the release_agent file for the process without administrative privileges
CAP_SYS_ADMIN
Disabled AppArmor/SELinux
Disabled Seccomp
A heap-based buffer overflow flaw in the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel
CAP_SYS_ADMIN
A heap out-of-bounds write in Linux Netfilter
CAP_NET_ADMIN
The flaw in handling of eBPF programs leads to escalate privileges
CAP_SYS_MODULE
The bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory
CAP_SYS_ADMIN
The packet_set_ring function in net/packet/af_packet.c does not properly validate certain block-size data, which allows local users to gain privileges via crafted system calls.
CAP_NET_RAW
RunC
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
<=1.0.0-rc94
procfs race condition with a shared volume mount
<1.0.0-rc10
Overwrite host runc binary due to file-descriptor mishandling
<=1.0-rc6
References
Zeronights 2021: Dmitriy Evdokimov – Container escapes Kubernetes edition
Last updated