
fix containerd CVE-2022-23648 #258

Merged
merged 1 commit into from
Mar 4, 2022

Conversation

@dixudx dixudx (Member) commented Mar 4, 2022

Signed-off-by: Di Xu <stephenhsu90@gmail.com>

What type of PR is this?

kind/security

What this PR does / why we need it:

CVE-2022-23648

Impact

A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.

Patches

This bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13. Users should update to these versions to resolve the issue.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Signed-off-by: Di Xu <stephenhsu90@gmail.com>
@dixudx dixudx added this to the v0.8.0 milestone Mar 4, 2022
@dixudx dixudx merged commit 268f204 into clusternet:main Mar 4, 2022
@dixudx dixudx deleted the fix-containerd-cve branch March 4, 2022 02:12
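As an added example (not code from this PR, containerd or clusternet): a Go check that classifies a containerd version string against the fixed releases the advisory above names (1.6.1, 1.5.10, 1.4.13). The treatment of minor lines outside 1.4 to 1.6, and the sample version strings, are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// First containerd patch release on each affected minor line that carries the
// fix, as listed in the advisory quoted in the PR description.
var cve202223648FixedPatch = map[[2]int]int{{1, 4}: 13, {1, 5}: 10, {1, 6}: 1}
// parseVersion turns "v1.5.9", "1.6.1" or "1.5.10-k3s1" into [major, minor, patch].
func parseVersion(v string) ([3]int, error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 { // drop pre-release/build suffix
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return [3]int{}, fmt.Errorf("unexpected version format: %q", v)
	}
	var out [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return [3]int{}, fmt.Errorf("non-numeric component in %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// VulnerableToCVE202223648 reports whether a containerd version predates the fix on its line.
// Assumption (not from the advisory): lines before 1.4 are reported vulnerable, lines after 1.6 fixed.
func VulnerableToCVE202223648(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	if fixed, ok := cve202223648FixedPatch[[2]int{v[0], v[1]}]; ok {
		return v[2] < fixed, nil
	}
	return v[0] < 1 || (v[0] == 1 && v[1] < 4), nil
}
func main() {
	for _, v := range []string{"v1.5.9", "1.5.10", "1.6.0-beta.1", "1.4.13"} { // constructed samples
		vuln, err := VulnerableToCVE202223648(v)
		fmt.Printf("%-14s vulnerable=%v err=%v\n", v, vuln, err)
	}
}
```

Feed it the output of `containerd --version` (or the version reported by the CRI runtime) on each node; a non-semver string such as a bare build tag is reported as an error rather than silently classified.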