PT-2020-5850 · Docker+3

Alex Chapman · Published 2020-12-22 · Updated 2025-10-11 · CVE-2021-21284

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 19.03.15; Docker versions prior to 20.10.3
Description: The issue involves the --userns-remap option: when the root user in the remapped namespace has access to the host filesystem, it can escalate privileges to real root. This can lead to writing files with extended privileges under "/var/lib/docker/".
Recommendations: For Docker versions prior to 19.03.15, update to version 19.03.15 or later to prevent privilege escalation from remapped user. For Docker versions prior to 20.10.3, update to version 20.10.3 or later to prevent privilege escalation from remapped user. As a temporary workaround, consider restricting access to the host filesystem for the root user in the remapped namespace to minimize the risk of exploitation.
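A triage check for the versions and option named above, added here as an example and not taken from the advisory or from Docker. It assumes the 20.10 line is fixed from 20.10.3 and all other lines from 19.03.15, and that userns-remap is set either through the "userns-remap" key in daemon.json or the --userns-remap dockerd flag; the function names and sample inputs are constructed.

```python
import json
import re

FIXED_19_03 = (19, 3, 15)   # fixed release for the 19.03 line (from the advisory)
FIXED_20_10 = (20, 10, 3)   # fixed release for the 20.10 line (from the advisory)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '20.10.2',
    'Docker version 19.03.14, build abc' or '5:19.03.13~3-0~ubuntu-focal'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_fixed(version_text):
    """Assumption: 20.10.x is compared against 20.10.3, everything else against 19.03.15."""
    v = parse_version(version_text)
    if v[:2] == (20, 10):
        return v >= FIXED_20_10
    return v >= FIXED_19_03


def userns_remap_enabled(daemon_json_text="", dockerd_args=()):
    """True if remapping is configured in daemon.json content or on the dockerd command line."""
    if daemon_json_text.strip():
        if json.loads(daemon_json_text).get("userns-remap"):
            return True
    return any(a == "--userns-remap" or a.startswith("--userns-remap=")
               for a in dockerd_args)


def assess(version_text, daemon_json_text="", dockerd_args=()):
    """Classify a host: 'fixed', 'exposed' (unfixed and remap on) or 'unfixed-remap-off'."""
    if is_fixed(version_text):
        return "fixed"
    if userns_remap_enabled(daemon_json_text, dockerd_args):
        return "exposed"
    return "unfixed-remap-off"


if __name__ == "__main__":
    # Constructed sample inventory: (version string, daemon.json content)
    for ver, cfg in [("Docker version 20.10.2, build 0000000", '{"userns-remap": "default"}'),
                     ("19.03.14", "{}"),
                     ("20.10.3", '{"userns-remap": "default"}')]:
        print(f"{ver!r}: {assess(ver, cfg)}")
```

Hosts reported as "unfixed-remap-off" still run an unpatched engine and should be upgraded; the label only records that the affected option is not currently configured.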

Fix

Path traversal


Weakness Enumeration

Related Identifiers

ALT-PU-2021-4842
BDU:2021-01893
CVE-2021-21284
DSA-4865-1
GHSA-7452-XQPJ-6RPC
OESA-2021-1102
OPENSUSE-SU-2021:0278-1
OPENSUSE-SU-2021:0878-1
OPENSUSE-SU-2021:1954-1
OPENSUSE-SU-2021_0278-1
OPENSUSE-SU-2021_0878-1
OPENSUSE-SU-2021_1954-1
OPENSUSE-SU-2024:10722-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2021:0435-1
SUSE-SU-2021:0445-1
SUSE-SU-2021:1458-1
SUSE-SU-2021:1954-1
SUSE-SU-2021_1954-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1
USN-5032-1
USN-5032-2

Affected Products

Alt Linux
Astra Linux
Docker
Suse