PT-2022-2056 · Kubernetes Containerd

Felix Wilhelm · Published 2022-03-02 · Updated 2026-02-11 · CVE-2022-23648

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

containerd versions prior to 1.6.1
containerd versions prior to 1.5.10
containerd versions prior to 1.4.12

Description

A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup, including a Kubernetes Pod Security Policy, and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation.

Recommendations

Update to containerd version 1.6.1 to resolve the issue.
Update to containerd version 1.5.10 to resolve the issue.
Update to containerd version 1.4.12 to resolve the issue.
As a temporary workaround, ensure that only trusted images are used.

Weakness Enumeration

Information Disclosure
Improper Authentication

Related Identifiers

ALSA-2025_16880
ALT-PU-2022-1470
ALT-PU-2022-3197
ALT-PU-2024-12206
BDU:2022-01715
CVE-2022-23648
DSA-5091-1
GHSA-CRP2-QRR5-8PQ7
GO-2022-0344
MGASA-2022-0088
OESA-2022-1671
OPENSUSE-SU-2022:0720-1
OPENSUSE-SU-2022:10022-1
OPENSUSE-SU-2022:10094-1
OPENSUSE-SU-2022_0720-1
OPENSUSE-SU-2022_1689-1
OPENSUSE-SU-2024:11891-1
OPENSUSE-SU-2024:12008-1
SUSE-SU-2022:0719-1
SUSE-SU-2022:0720-1
SUSE-SU-2022:0720-2
SUSE-SU-2022:1507-1
SUSE-SU-2022:1689-1
SUSE-SU-2022_0719-1
SUSE-SU-2022_0720-1
SUSE-SU-2022_1507-1
SUSE-SU-2022_1689-1
USN-5311-1
USN-5311-2
USN-5521-1

Affected Products

Alt Linux
Astra Linux
Kubernetes Containerd
Linuxmint
Red Os
Suse
Ubuntu