Bug 2353043 (CVE-2024-40635)

Summary: CVE-2024-40635 containerd: containerd has an integer overflow in User ID handling
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abarbaro, adudiak, alcohan, alizardo, anjoseph, anpicker, aprice, bdettelb, brainfor, caswilli, crizzo, dfreiber, dhanak, doconnor, drosa, drow, dsimansk, dymurray, fdeutsch, gparvin, hasun, jbalunas, jburrell, jcantril, jchui, jforrest, jfula, jhe, jkoehler, jmatthew, jowilson, jprabhak, jsamir, jwendell, kaycoth, kingland, kshier, ktsao, kverlaen, ldai, lgamliel, ljawale, lphiri, lsharar, lucarval, luizcosta, matzew, mnovotny, mpierce, nboldt, njean, nweather, nyancey, oezr, omaciel, ometelka, oramraz, owatkins, pahickey, pakotvan, periklis, pierdipi, psrna, ptisnovs, rbobbitt, rcernich, rfreiman, rhaigner, rhuss, rjohnson, rojacob, sausingh, smullick, stcannon, sthirugn, stirabos, syedriko, teagle, thason, vkrizan, vkumar, whayutin, wtam, xdharmai, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in containerd package. Containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This issue could cause unexpected behavior for environments that require containers to run as a non-root user.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2353082, 2353076, 2353077, 2353078, 2353079, 2353080, 2353081, 2353083, 2353084, 2353085, 2353086, 2353087, 2353088, 2353089, 2353090, 2353091, 2353092, 2353093, 2353094, 2353095, 2353096, 2353097, 2353098, 2353099, 2353100, 2353101, 2353102, 2353103, 2353104, 2353105    
Bug Blocks:    

Description OSIDB Bzimport 2025-03-17 22:01:17 UTC 
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.