Container Runtime Vulnerability in containerd by Docker
CVE-2024-40635
Key Information:
- Vendor: containerd
- Status: Vendor
- CVE Published: 17 March 2025
What is CVE-2024-40635?
A bug in containerd, the open-source container runtime originally developed at Docker and now a CNCF project, allows a container whose user is set to a numeric UID or GID larger than the maximum 32-bit signed integer (2147483647) to trigger an integer overflow, with the result that the container ultimately runs as root (UID 0). This defeats the assumption, common in hardened deployments, that containers run as a non-root user. The fix is to upgrade to containerd 1.6.38, 1.7.27 or 2.0.4. Until then, run only trusted images and restrict the ability to import images to trusted users, because the user value that reaches the runtime comes from the image configuration or the container spec.
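The failure class the advisory describes, and a pre-import check for it, as an added Go example that is not containerd's own code. It assumes the advisory's threshold of 2147483647, uses a hypothetical lossy parser (`lossyID`) to show how a wide integer narrowed to uint32 wraps to 0, contrasts it with a bounded parse (`safeID`), and audits the `User` field of a constructed OCI image config so oversized IDs can be caught before an image is imported onto an unpatched host.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// advisoryMaxID is the threshold named in the advisory (max 32-bit signed int).
// Numeric UIDs/GIDs above it trigger the bug in unpatched containerd.
const advisoryMaxID uint64 = 2147483647

// lossyID is a hypothetical reproduction of the bug class, not containerd's
// code: parse into a wide integer, then narrow to uint32 with no range check.
// 4294967296 (2^32) silently becomes 0, which is root.
func lossyID(s string) (uint32, error) {
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return uint32(n), nil
}

// safeID is the hardened form: a bounded 32-bit parse that errors on anything
// outside 0..4294967295 instead of wrapping.
func safeID(s string) (uint32, error) {
	n, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("uid/gid %q does not fit in 32 bits: %w", s, err)
	}
	return uint32(n), nil
}

// Finding records one problem with a "user[:group]" value.
type Finding struct {
	Field string // "uid" or "gid"
	Value string
	Note  string
}

// isNumeric: non-empty and all ASCII digits. Names are resolved through the
// image's /etc/passwd and are outside this check.
func isNumeric(s string) bool {
	return s != "" && strings.Trim(s, "0123456789") == ""
}

// auditUser checks a Docker/OCI-style "user", "user:group" or "uid:gid" string
// and returns a finding for every numeric field above advisoryMaxID.
func auditUser(user string) []Finding {
	var findings []Finding
	labels := []string{"uid", "gid"}
	for i, p := range strings.SplitN(user, ":", 2) {
		if !isNumeric(p) {
			continue
		}
		n, err := strconv.ParseUint(p, 10, 64) // on range error n is max uint64
		if err == nil && n <= advisoryMaxID {
			continue
		}
		note := fmt.Sprintf("exceeds %d", advisoryMaxID)
		if wrapped, werr := lossyID(p); werr == nil && uint64(wrapped) != n {
			note += fmt.Sprintf("; narrowed to uint32 it becomes %d", wrapped)
			if wrapped == 0 {
				note += " (root)"
			}
		}
		findings = append(findings, Finding{Field: labels[i], Value: p, Note: note})
	}
	return findings
}

// ociConfig models the subset of an OCI image config needed here
// (encoding/json matches "config"/"Config" case-insensitively).
type ociConfig struct {
	Config struct {
		User string `json:"User"`
	} `json:"config"`
}

// auditImageConfig runs auditUser over the User field of an image config blob.
func auditImageConfig(data []byte) ([]Finding, error) {
	var cfg ociConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, err
	}
	return auditUser(cfg.Config.User), nil
}

// sampleConfig is a constructed image config carrying an oversized UID:GID.
const sampleConfig = `{"architecture":"amd64","os":"linux","config":{"User":"4294967296:4294967296","Cmd":["/bin/sh"]}}`

func main() {
	for _, u := range []string{"1000:1000", "nobody", "2147483648", "4294967296:4294967296"} {
		fmt.Printf("%-24s %v\n", u, auditUser(u))
	}
	findings, err := auditImageConfig([]byte(sampleConfig))
	fmt.Println(findings, err)
}
```

Feed `auditImageConfig` the config blob of each image (the `config` object referenced by the image manifest in an OCI layout) as a gate in the import pipeline; names in the `User` field are deliberately left alone, since they are resolved against the image's own `/etc/passwd` and are not what the advisory describes.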
Affected Version(s)
containerd < 1.6.38 (fixed in 1.6.38)
containerd >= 1.7.0-beta.0, < 1.7.27 (fixed in 1.7.27)
containerd >= 2.0.0-beta.0, < 2.0.4 (fixed in 2.0.4)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which can lead to ransomware.