CVE-2024-40635

一、漏洞信息
 漏洞编号：[CVE-2024-40635](https://nvd.nist.gov/vuln/detail/CVE-2024-40635)
 漏洞归属组件：[containerd](https://gitee.com/src-openeuler/containerd)
 漏洞归属的版本：1.2.0,1.6.20,1.6.22
 CVSS V3.0分值：
  BaseScore：4.6 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
 漏洞简述：
  containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
 漏洞公开时间：2025-03-18 06:15:13
 漏洞创建时间：2025-03-18 04:40:05
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-40635
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| security-advisories.github.com | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da |  |
| security-advisories.github.com | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 |  |
| security-advisories.github.com | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a |  |
| security-advisories.github.com | https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40635 | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-40635 | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2353043 | https://bugzilla.suse.com/show_bug.cgi?id=1239749 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2024-40635 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2024-40635 |
| containerd | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635 | https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg |
| go | https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3528.yaml |
| go | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3528.yaml |
| go | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3528.yaml |
| go | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3528.yaml |
| osv | https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg | https://osv.dev/vulnerability/CVE-2024-40635 |
| osv | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da | https://osv.dev/vulnerability/CVE-2024-40635 |
| osv | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 | https://osv.dev/vulnerability/CVE-2024-40635 |
| osv | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a | https://osv.dev/vulnerability/CVE-2024-40635 |
| osv | https://security-tracker.debian.org/tracker/CVE-2024-40635 | https://osv.dev/vulnerability/CVE-2024-40635 |
| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2024-40635 | https://explore.alas.aws.amazon.com/CVE-2024-40635.html |
| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635 | https://explore.alas.aws.amazon.com/CVE-2024-40635.html |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da |  | security-advisories.github.com |
|  |  | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 |  | security-advisories.github.com |
|  |  | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a |  | security-advisories.github.com |
|  |  | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da |  | suse_bugzilla |
|  |  | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 |  | suse_bugzilla |
|  |  | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a |  | suse_bugzilla |
|  |  | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da |  | go |
|  |  | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 |  | go |
|  |  | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a |  | go |
|  |  | https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da |  | osv |
|  |  | https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 |  | osv |
|  |  | https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a |  | osv |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  启动容器时将用户设置为“UID:GID”大于最大 32 位有符号整数会导致溢出情况，容器最终以 root（UID 0）身份运行。这可能会导致需要以非 root 用户身份运行容器的环境出现意外行为
 openEuler评分：
  4.6
 Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
 受影响版本排查(受影响/不受影响)：
  1.master(1.6.22):受影响
2.openEuler-20.03-LTS-SP4(1.2.0):受影响
3.openEuler-22.03-LTS-SP3(1.2.0):受影响
4.openEuler-22.03-LTS-SP4(1.2.0):受影响
5.openEuler-24.03-LTS(1.6.22):受影响
6.openEuler-24.03-LTS-Next(1.6.22):受影响
7.openEuler-24.03-LTS-SP1(1.6.22):受影响

修复是否涉及abi变化(是/否)：
  1.master(1.6.22):否
2.openEuler-20.03-LTS-SP4(1.2.0):否
3.openEuler-22.03-LTS-SP3(1.2.0):否
4.openEuler-22.03-LTS-SP4(1.2.0):否
5.openEuler-24.03-LTS(1.6.22):否
6.openEuler-24.03-LTS-Next(1.6.22):否
7.openEuler-24.03-LTS-SP1(1.6.22):否

原因说明：
  1.master(1.6.22):正常修复
2.openEuler-20.03-LTS-SP4(1.2.0):正常修复
3.openEuler-22.03-LTS-SP3(1.2.0):正常修复
4.openEuler-22.03-LTS-SP4(1.2.0):正常修复
5.openEuler-24.03-LTS(1.6.22):正常修复
6.openEuler-24.03-LTS-Next(1.6.22):正常修复
7.openEuler-24.03-LTS-SP1(1.6.22):正常修复

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1350

src-openEuler/containerd
关闭

内容风险标识

评论 (7)

src-openEuler/containerd关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-40635

评论 (7)

搜索帮助

src-openEuler/containerd
关闭