UBUNTU-CVE-2021-43816

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-43816

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-43816.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-43816

Related

CVE-2021-43816

Published

2022-01-05T19:15:00Z

Modified

2025-01-13T10:22:38Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either /etc/hosts, /etc/hostname, or /etc/resolv.conf. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.

References

Affected packages

Ubuntu:Pro:16.04:LTS / containerd

Package

Name: containerd
Purl: pkg:deb/ubuntu/containerd@1.2.6-0ubuntu1~16.04.6+esm4?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.2.1-0ubuntu4~16.04

0.2.3-0ubuntu1~16.04

0.2.5-0ubuntu1~16.04.1

1.*

1.2.6-0ubuntu1~16.04.2

1.2.6-0ubuntu1~16.04.3

1.2.6-0ubuntu1~16.04.4

1.2.6-0ubuntu1~16.04.5

1.2.6-0ubuntu1~16.04.6

1.2.6-0ubuntu1~16.04.6+esm1

1.2.6-0ubuntu1~16.04.6+esm2

1.2.6-0ubuntu1~16.04.6+esm4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / containerd

Package

Name: containerd
Purl: pkg:deb/ubuntu/containerd@1.5.9-0ubuntu1~18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.9-0ubuntu1~18.04.1

Affected versions

0.*

0.2.5-0ubuntu2

1.*

1.2.6-0ubuntu1~18.04.1

1.2.6-0ubuntu1~18.04.2

1.3.3-0ubuntu1~18.04.1

1.3.3-0ubuntu1~18.04.2

1.3.3-0ubuntu1~18.04.3

1.3.3-0ubuntu1~18.04.4

1.4.4-0ubuntu1~18.04.2

1.5.2-0ubuntu1~18.04.1

1.5.2-0ubuntu1~18.04.2

1.5.2-0ubuntu1~18.04.3

1.5.5-0ubuntu3~18.04.1

1.5.5-0ubuntu3~18.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.5.9-0ubuntu1~18.04.1",
            "binary_name": "containerd"
        },
        {
            "binary_version": "1.5.9-0ubuntu1~18.04.1",
            "binary_name": "containerd-dbgsym"
        },
        {
            "binary_version": "1.5.9-0ubuntu1~18.04.1",
            "binary_name": "golang-github-containerd-containerd-dev"
        }
    ]
}

Ubuntu:20.04:LTS / containerd

Package

Name: containerd
Purl: pkg:deb/ubuntu/containerd@1.5.9-0ubuntu1~20.04.4?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.9-0ubuntu1~20.04.4

Affected versions

1.*

1.2.10-0ubuntu1

1.3.2-0ubuntu1

1.3.3-0ubuntu1

1.3.3-0ubuntu2

1.3.3-0ubuntu2.1

1.3.3-0ubuntu2.2

1.3.3-0ubuntu2.3

1.4.4-0ubuntu1~20.04.2

1.5.2-0ubuntu1~20.04.1

1.5.2-0ubuntu1~20.04.2

1.5.2-0ubuntu1~20.04.3

1.5.5-0ubuntu3~20.04.1

1.5.5-0ubuntu3~20.04.2

1.5.9-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.5.9-0ubuntu1~20.04.4",
            "binary_name": "containerd"
        },
        {
            "binary_version": "1.5.9-0ubuntu1~20.04.4",
            "binary_name": "containerd-dbgsym"
        },
        {
            "binary_version": "1.5.9-0ubuntu1~20.04.4",
            "binary_name": "golang-github-containerd-containerd-dev"
        }
    ]
}

Ubuntu:22.04:LTS / containerd

Package

Name: containerd
Purl: pkg:deb/ubuntu/containerd@1.5.9-0ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.9-0ubuntu1

Affected versions

1.*

1.5.5-0ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.5.9-0ubuntu1",
            "binary_name": "containerd"
        },
        {
            "binary_version": "1.5.9-0ubuntu1",
            "binary_name": "containerd-dbgsym"
        },
        {
            "binary_version": "1.5.9-0ubuntu1",
            "binary_name": "golang-github-containerd-containerd-dev"
        }
    ]
}