Bug 2353043 (CVE-2024-40635)

Summary: CVE-2024-40635 containerd: containerd has an integer overflow in User ID handling
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abarbaro, adudiak, alcohan, anjoseph, anpicker, aprice, bdettelb, brainfor, caswilli, cdaley, dfreiber, dhanak, doconnor, drow, dsimansk, dymurray, fdeutsch, gparvin, hasun, jburrell, jcantril, jchui, jforrest, jfula, jhe, jkoehler, jmatthew, jowilson, jprabhak, jsamir, jwendell, kaycoth, kingland, kshier, ktsao, kverlaen, ldai, lgamliel, ljawale, lphiri, lsharar, lucarval, luizcosta, matzew, mnovotny, mpierce, nboldt, njean, nweather, nyancey, omaciel, ometelka, oramraz, owatkins, pahickey, periklis, pierdipi, psrna, ptisnovs, rbobbitt, rcernich, rfreiman, rhaigner, rhuss, rjohnson, rojacob, sausingh, smullick, stcannon, sthirugn, stirabos, syedriko, teagle, thason, vkrizan, vkumar, whayutin, wtam, xdharmai, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in containerd package where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2353077, 2353080, 2353082, 2353094, 2353095, 2353098, 2353099, 2353101, 2353103, 2353104, 2353105, 2353076, 2353078, 2353079, 2353081, 2353083, 2353084, 2353085, 2353086, 2353087, 2353088, 2353089, 2353090, 2353091, 2353092, 2353093, 2353096, 2353097, 2353100, 2353102    
Bug Blocks:    

Description OSIDB Bzimport 2025-03-17 22:01:17 UTC
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
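The description above names the bug class (an oversized numeric `UID:GID` that wraps to 0 when narrowed to the 32-bit ID type) but not the code path. The following Go program is an added illustration, written for this page; it is not containerd's own parsing code and does not reproduce the exact path fixed in 1.6.38, 1.7.27 and 2.0.4. `NaiveID` shows the overflow-prone pattern in the abstract: parse the text as a wide integer, then narrow silently to `uint32`, so 4294967296 (2^32, which is larger than the maximum 32-bit signed integer) becomes 0. `SafeID` and `ParseUserGroup` are the hardened form: they bound the parse at MaxInt32 and reject negatives, and `WrapsToRoot` is a quick check an operator could run over image `USER` values. The choice to treat IDs between 2^31 and 2^32 as invalid, and the sample `USER` strings, are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrOutOfRange marks an ID that parses as a number but lies outside 0..2^31-1.
var ErrOutOfRange = errors.New("user id out of range")

// IDs holds a validated UID:GID pair.
type IDs struct {
	UID, GID uint32
}

// NaiveID shows the bug class in the abstract: parse the text as a wide
// integer, then narrow it to the uint32 the OCI runtime spec uses for
// process.user.uid. Go narrows silently, so any value >= 2^32 wraps modulo
// 2^32, and 2^32 itself becomes 0, i.e. root. ParseInt with bitSize 64 is
// used instead of Atoi so the wrap is identical on 32- and 64-bit hosts.
// Illustrative only; this is not containerd's parsing code.
func NaiveID(s string) (uint32, error) {
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return uint32(n), nil // silent truncation: "4294967296" -> 0
}

// SafeID parses with an explicit 32-bit signed bound, so anything above
// MaxInt32 (the advisory's threshold) is an error rather than a wrapped
// value, and negative text such as "-1" is rejected as well. Treating IDs in
// (2^31, 2^32) as invalid is a policy assumption of this example.
func SafeID(s string) (uint32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		var numErr *strconv.NumError
		if errors.As(err, &numErr) && errors.Is(numErr.Err, strconv.ErrRange) {
			return 0, fmt.Errorf("%w: %q", ErrOutOfRange, s)
		}
		return 0, err // not a number at all
	}
	if n < 0 {
		return 0, fmt.Errorf("%w: %q", ErrOutOfRange, s)
	}
	return uint32(n), nil
}

// ParseUserGroup validates a numeric "UID:GID" field with SafeID on both
// halves. Name lookups against the image's /etc/passwd are out of scope here.
func ParseUserGroup(field string) (IDs, error) {
	uidStr, gidStr, ok := strings.Cut(field, ":")
	if !ok {
		return IDs{}, fmt.Errorf("expected UID:GID, got %q", field)
	}
	uid, err := SafeID(uidStr)
	if err != nil {
		return IDs{}, fmt.Errorf("uid: %w", err)
	}
	gid, err := SafeID(gidStr)
	if err != nil {
		return IDs{}, fmt.Errorf("gid: %w", err)
	}
	return IDs{UID: uid, GID: gid}, nil
}

// WrapsToRoot reports whether the UID half of field would become 0 under the
// naive narrowing although the text is not "0": the symptom in the advisory.
func WrapsToRoot(field string) bool {
	uidStr, _, _ := strings.Cut(field, ":")
	wide, err := strconv.ParseInt(uidStr, 10, 64)
	if err != nil {
		return false
	}
	return wide != 0 && uint32(wide) == 0
}

// Constructed sample USER values for the demo; not taken from any real image.
var sampleUsers = []string{
	"1000:1000",
	"2147483647:2147483647", // MaxInt32: largest value SafeID accepts
	"2147483648:0",          // MaxInt32+1: rejected by SafeID
	"4294967296:4294967296", // 2^32: NaiveID wraps it to 0, i.e. root
	"-1:0",                  // negative text: rejected by SafeID
}

func main() {
	for _, u := range sampleUsers {
		uidStr, _, _ := strings.Cut(u, ":")
		naive, _ := NaiveID(uidStr)
		ids, err := ParseUserGroup(u)
		fmt.Printf("%-24s naive uid=%-10d wraps-to-root=%-5v safe=%v err=%v\n",
			u, naive, WrapsToRoot(u), ids, err)
	}
}
```

The hardened parser is the check a practitioner would want on the ingestion side: bound the parse to the ID type's width before any conversion, never convert first and validate later. The same narrowing hazard applies to any other place a 64-bit integer is cast to `uint32` (supplementary GIDs, for example), so the bound belongs in one shared helper rather than at each call site.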