CVE List

Containerd

CVE

Title

Affected versions

References

CVE-2022-23648

Containers that launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host

<= 1.4.12

1.5.0 - 1.5.9

1.6.0

> Technical Advisory: containerd - Insecure handling of image volumes

> PoC for CVE-2022-23648

CVE-2021-41103

Insufficiently restricted permissions on container root and plugin directories

<1.4.11

<1.5.7

Github advisories: GHSA-c2h3-6mxw-7mvq

CVE-2021-32760

Archive package allows chmod of file outside of unpack target directory

<=1.4.7

<=1.5.3

Github advisories: GHSA-c72p-9xmj-rx3w

CVE-2021-21334

containerd CRI plugin: environment variables can leak between containers

<=1.3.9

<= 1.4.3

Github advisories: GHSA-6g2q-w5j3-fwh4

CVE-2020-15257

containerd-shim API Exposed to Host Network Containers

<=1.3.7

1.4.0

1.4.1

Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

CVE-2020-15157

containerd v1.2.x can be coerced into leaking credentials during image pull

< 1.3.0

> Github advisories: GHSA-742w-89gc-8m9c

> CVE-2020-15157 "ContainerDrip" Write-up

CRI-O

CVE

Title

Affected versions

References

CVE-2022-0811

Rights to deploy a pod on a Kubernetes cluster leads to abusing the kernel.core_pattern parameter

>1.19.0

cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Linux kernel

CVE

Title

Required capabilities

References

CVE-2022-47939

A use-after-free vulnerability in fs/ksmbd/smb2pdu.c

?

> Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

CVE-2022-34918

A type confusion bug in nft_set_elem_init that leads to a buffer overflow.

CAP_NET_ADMIN

> CVE-2022-34918 A crack in the Linux firewall

> Github: randorisec/CVE-2022-34918-LPE-PoC

CVE-2022-32250

A use-after-free vulnerability in the Netfilter subsystem

?

> Linux Kernel Exploit (CVE-2022-32250) with mqueue

> SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)

CVE-2022-29582

A use-after-free vulnerability in fs/io_uring.c due to a race condition in io_uring timeouts

> CVE-2022-29582: An io_uring vulnerability

> Github: Ruia-ruia/CVE-2022-29582-Exploit

CVE-2022-27666

A heap buffer overflow vulnerability in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c that allows a local attacker with a normal user privilege to overwrite kernel heap objects.

?

> CVE-2022-27666: Exploit esp6 modules in Linux kernel

> Github: plummm/CVE-2022-27666

CVE-2022-2602

A use-after-free vulnerability when an io_uring request is being processed.

> DirtyCred Remastered: how to turn an UAF into Privilege Escalation

> Github: LukeGix/CVE-2022-2602

CVE-2022-2588

A use-after-free vulnerability in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel.

CAP_NET_ADMIN

> DirtyCred: Opening Pandora’s Box to Current and Future Container Escapes

> Markakd/CVE-2022-2588

CVE-2022-25636

An out-of-bounds memory access leads to privilege escalation

CAP_NET_ADMIN

The Discovery and Exploitation of CVE-2022-25636

CVE-2022-1786

A use-after-free flaw in io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.

?

CVE-2022-1786 A Journey To The Dawn

CVE-2022-1015

A flaw in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem that allows a local user to cause an out-of-bounds write issue

CAP_NET_ADMIN

> CVE-2022-1015: A validation flaw in Netfilter leading to Local Privilege Escalation

> How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables

CVE-2022-0995

An out-of-bounds memory write flaw in watch_queue event notification subsystem that can overwrite parts of the kernel state.

?

Github: Bonfee/CVE-2022-0995

CVE-2022-0847

A vulnerability which allows overwriting data in arbitrary read-only files and leads to privilege escalation via injecting code into root processes

CAP_DAC_READ_SEARCH

> The Dirty Pipe Vulnerability

> DirtyPipe (CVE-2022-0847) – the new DirtyCoW?

> Github: greenhandatsjtu/CVE-2022-0847-Container-Escape

> Github: Al1ex/CVE-2022-0847

CVE-2022-0492

Missing verification allows setting the release_agent file for the process without administrative privileges

CAP_SYS_ADMIN

Disabled AppArmor/SELinux

Disabled Seccomp

New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?

CVE-2022-0185

A heap-based buffer overflow flaw in the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel

CAP_SYS_ADMIN

or unshare(CLONE_NEWNS|CLONE_NEWUSER)

> CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers

> CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes

> Github: Crusaders-of-Rust/CVE-2022-0185

CVE-2021-22555

A heap out-of-bounds write in Linux Netfilter

CAP_NET_ADMIN

CVE-2021-22555: Turning \x00\x00 into 10000$

CVE-2021-31440

The flaw in handling of eBPF programs leads to escalate privileges

CAP_SYS_MODULE

CVE-2021-31440: AN INCORRECT BOUNDS CALCULATION IN THE LINUX KERNEL EBPF VERIFIER

CVE-2020-8835

The bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory

CAP_SYS_ADMIN

CVE-2020-8835: LINUX KERNEL PRIVILEGE ESCALATION VIA IMPROPER EBPF PROGRAM VERIFICATION

CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c does not properly validate certain block-size data, which allows local users to gain privileges via crafted system calls.

CAP_NET_RAW

Exploiting the Linux kernel via packet sockets