Container Runtime Vulnerability in containerd
CVE-2024-40635
Key Information:
- Vendor: containerd
- Status: Vendor
- CVE Published: 17 March 2025
What is CVE-2024-40635?
containerd is an open-source container runtime originally developed by Docker and now a graduated CNCF project. A bug in its handling of the container user allows a container whose user is set to a UID:GID larger than the maximum 32-bit signed integer to trigger an integer overflow, with the result that the container ultimately runs as root (UID 0). In environments that rely on containers running as a non-root user, this silently breaks that expectation: no error is reported, the process simply has UID 0.

The fix ships in containerd 1.6.38, 1.7.27 and 2.0.4. Until those versions are deployed, the vendor's workaround is to use only trusted images and to restrict image-import permissions to trusted users, since a malicious image can carry the oversized USER value. A quick sanity check for a running container that is expected to be non-root is to run `id -u` inside it; it should not print 0.
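The passage above describes a narrowing-conversion bug: an id is parsed as a wide integer and then truncated to the kernel's 32-bit uid_t without a range check. The following Go program is an added illustration written for this page, not containerd's own code or its exact code path. It contrasts a weak parser that wraps (so "4294967296" becomes uid 0) with a hardened one built on `strconv.ParseUint(s, 10, 32)`, and adds a hypothetical `CheckImageUser` pre-admission check that an operator could run over an image's USER field before importing it, implementing the "trusted images only" mitigation as a concrete gate.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// parseIDWeak shows the bug class behind CVE-2024-40635 (illustration, not
// containerd's code): parse the field as a 64-bit integer, then narrow it to
// a 32-bit uid without a range check. Anything >= 2^32 wraps, so
// "4294967296" silently becomes 0, i.e. root.
func parseIDWeak(s string) (uint32, error) {
	v, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return uint32(v), nil // narrowing conversion: high bits are discarded
}

// parseIDSafe is the hardened form: ParseUint with bitSize 32 returns
// strconv.ErrRange for anything outside [0, 2^32-1] instead of wrapping,
// and rejects negative values and non-digits outright.
func parseIDSafe(s string) (uint32, error) {
	v, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("invalid id %q: %w", s, err)
	}
	return uint32(v), nil
}

// ErrRootUser is returned by CheckImageUser when a non-root policy is
// required but the parsed uid is 0.
var ErrRootUser = errors.New("user resolves to uid 0 (root)")

// CheckImageUser validates an image-config USER value of the form "uid" or
// "uid:gid". Only numeric fields are handled: name-based users need a lookup
// in the image's /etc/passwd and are rejected by the parser. When no gid is
// given, gid is reported as 0 because the check validates only what is
// literally written; resolving the primary group is left to the runtime.
// This is a hypothetical pre-admission check, not a containerd API.
func CheckImageUser(spec string, requireNonRoot bool) (uid, gid uint32, err error) {
	parts := strings.SplitN(spec, ":", 2)
	uid, err = parseIDSafe(parts[0])
	if err != nil {
		return 0, 0, fmt.Errorf("uid: %w", err)
	}
	if len(parts) == 2 {
		if gid, err = parseIDSafe(parts[1]); err != nil {
			return 0, 0, fmt.Errorf("gid: %w", err)
		}
	}
	if requireNonRoot && uid == 0 {
		return uid, gid, ErrRootUser
	}
	return uid, gid, nil
}

func main() {
	// Constructed sample inputs: in range, above MaxInt32, at the uint32
	// limit, exactly 2^32 (wraps to 0) and 2^33 (also wraps to 0).
	inputs := []string{"1000", "2147483648", "4294967295", "4294967296", "8589934592"}
	for _, in := range inputs {
		w, werr := parseIDWeak(in)
		s, serr := parseIDSafe(in)
		fmt.Printf("%-12s weak=%d (err=%v)  safe=%d (err=%v)\n", in, w, werr, s, serr)
	}
	// Signed view of the same bits: a value just above MaxInt32 goes
	// negative when stored in an int32, which is why the advisory states
	// the bound in terms of the maximum 32-bit signed integer.
	var aboveMaxInt32 uint32 = 1 << 31
	fmt.Println("int32(2147483648) =", int32(aboveMaxInt32))
	for _, spec := range []string{"1000:1000", "0:0", "4294967296:4294967296"} {
		uid, gid, err := CheckImageUser(spec, true)
		fmt.Printf("%-24s uid=%d gid=%d err=%v\n", spec, uid, gid, err)
	}
}
```

The design point is that the range check belongs at the parse boundary: once a value has been narrowed to 32 bits there is no way to tell a genuine uid 0 from a wrapped 4294967296, so the hardened parser refuses the input rather than letting a later check try to recover it.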

Affected Version(s)
- containerd < 1.6.38
- containerd >= 1.7.0-beta.0, < 1.7.27
- containerd >= 2.0.0-beta.0, < 2.0.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which can lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
