DEBIAN-CVE-2021-32760

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2021-32760

Published: 19 Jul 2021, 21:15

Last modified:28 Apr 2026, 20:22

Vulnerability Summary

Overall Risk (default)

medium

25/100

CVSS Score

6.3 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jul 2021, 21:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:22

Last Modified

Vulnerability information updated

Description

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.

CVSS Metrics

v3.1•MEDIUM•Score: 6.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Systems

debian•containerd
< 1.4.5~ds1-2 | < 1.4.5~ds1-2 | < 1.4.5~ds1-2 | < 1.4.5~ds1-2

References (1)

https://security-tracker.debian.org/tracker/CVE-2021-32760