PT-2025-11557 · Unknown+8 · Kubernetes Containerd+7

Published 2025-03-17 · Updated 2026-05-08 · CVE-2024-40635
CVSS v3.1: 7.8 (High) · Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.6.38; containerd versions prior to 1.7.27; containerd versions prior to 2.0.4

Description: A bug was found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.

Recommendations: For versions prior to 1.6.38, update to version 1.6.38 or later. For versions prior to 1.7.27, update to version 1.7.27 or later. For versions prior to 2.0.4, update to version 2.0.4 or later. As a temporary workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
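As an added illustration (not code from the containerd project or from this advisory), the Go snippet below contrasts the defect pattern the description refers to, a 64-bit ID narrowed to 32 bits without a range check, with a validator that rejects any UID or GID outside the 32-bit signed range. ParseUserSpec, parseID and ErrUserOutOfRange are hypothetical names, and the numeric-only UID[:GID] form is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// ErrUserOutOfRange is returned for an ID outside 0..math.MaxInt32.
var ErrUserOutOfRange = errors.New("uid/gid outside 32-bit signed range")

// TruncateTo32 models the defect pattern: a 64-bit ID narrowed to 32 bits
// with no range check, so 2^32 (4294967296) silently becomes 0, the root UID.
func TruncateTo32(id int64) uint32 {
	return uint32(id)
}

// parseID parses one numeric ID and rejects anything that is negative or
// larger than math.MaxInt32, the boundary the advisory describes.
func parseID(s string) (int64, error) {
	v, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, fmt.Errorf("invalid id %q: %w", s, err)
	}
	if v < 0 || v > math.MaxInt32 {
		return 0, fmt.Errorf("%w: %q", ErrUserOutOfRange, s)
	}
	return v, nil
}

// ParseUserSpec validates a numeric "UID[:GID]" specification (hypothetical
// helper, not containerd's parser). An omitted GID is reported as -1.
func ParseUserSpec(spec string) (uid, gid int64, err error) {
	parts := strings.SplitN(spec, ":", 2)
	if uid, err = parseID(parts[0]); err != nil {
		return 0, 0, err
	}
	gid = -1
	if len(parts) == 2 {
		if gid, err = parseID(parts[1]); err != nil {
			return 0, 0, err
		}
	}
	return uid, gid, nil
}

func main() {
	fmt.Println(TruncateTo32(1 << 32)) // prints 0
}
```

A spec such as "4294967296:4294967296" is accepted by the truncating path as UID 0 but rejected by ParseUserSpec with ErrUserOutOfRange, which is the check a runtime or admission policy needs before an image's USER value reaches the kernel.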

Tags: Exploit · Fix · DoS · Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10622
ALT-PU-2025-11307
AZL-58844
AZL-58845
AZL-58867
AZL-60893
AZL-60897
BDU:2025-05194
CVE-2024-40635
DLA-4153-1
GHSA-265R-HFXG-FHMG
GO-2025-3528
MGASA-2025-0130
OESA-2025-1324
OESA-2025-1325
OESA-2025-1348
OESA-2025-1349
OESA-2025-1350
OPENSUSE-SU-2025:14910-1
OPENSUSE-SU-2025:15039-1
OPENSUSE-SU-2025:15169-1
OPENSUSE-SU-2025_1345-1
SUSE-SU-2025:1345-1
SUSE-SU-2025:1346-1
SUSE-SU-2025:20216-1
SUSE-SU-2025:20459-1
SUSE-SU-2025_1345-1
SUSE-SU-2025_1346-1
USN-7374-1

Affected Products

Alt Linux
Astra Linux
Debian
Kubernetes Containerd
Linuxmint
Red Os
Suse
Ubuntu