CVE & CISA-KEV Catalog

CVE-2021-41103

HIGH
7.8
CVSS v3
NVD

Description

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.

How to fix

Remediation Available
containerdDebian
Fixed in:1.4.5~ds1-2+deb11u1CVE-2021-41103
Fixed in:1.5.7~ds1-1CVE-2021-41103
Fixed in:1.5.7~ds1-1CVE-2021-41103
Fixed in:1.5.7~ds1-1CVE-2021-41103
containerdUbuntu
Fixed in:1.2.6-0ubuntu1~16.04.6+esm2USN-5521-1
Fixed in:1.5.2-0ubuntu1~18.04.3USN-5100-1
Fixed in:1.5.2-0ubuntu1~20.04.3USN-5100-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.48%probability of exploitation in 30 days
38thpercentile

Low risk: more likely to be exploited than 38% of all known CVEs.

References

Related Vulnerabilities

Other CWE-22 (Path Traversal) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-23897Critical9.8100%KEV + RansomFix
CVE-2023-32315High8.6100%KEVFix
CVE-2022-29464Critical9.8100%KEV + Ransom-
CVE-2021-26086Medium5.3100%KEVFix
CVE-2021-22005Critical9.8100%KEV + RansomFix
CVE-2020-5902Critical9.8100%KEV + RansomFix
Embed a live status badge for CVE-2021-41103
CVE-2021-41103 severity badge

Markdown

[![CVE-2021-41103](https://tridentstack.com/cve/badge/CVE-2021-41103.svg)](https://tridentstack.com/cve/CVE-2021-41103)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-41103"><img src="https://tridentstack.com/cve/badge/CVE-2021-41103.svg" alt="CVE-2021-41103"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.