📦 Containerd

Containerd versions before 1.7.29, 2.0.7, 2.1.5, and 2.2.0 create critical directories with overly permissive access controls, allowing group/world read/write access. This vulnerability enables local ...

A bug in containerd's CRI implementation fails to place usernamespaced containers under Kubernetes' cgroup hierarchy, causing Kubernetes resource limits to be ignored. This can lead to denial of servi...

This vulnerability in containerd allows containers with specially-crafted image configurations to access read-only copies of arbitrary host files and directories. It bypasses container security polici...

This CVE describes a memory exhaustion vulnerability in containerd's CRI Attach implementation where goroutine leaks allow users to consume host memory. Affected users are those running vulnerable ver...

A TOCTOU vulnerability in containerd v2.1.0 allows specially crafted container images to modify the host filesystem during image unpacking. Only containerd 2.1.0 is affected, impacting containerized e...

A vulnerability in containerd allows containers launched with UID/GID values exceeding 32-bit signed integer limits to overflow and run as root (UID 0) instead of the intended non-root user. This affe...