CVE-2024-40635
Docker vulnerability analysis and mitigation

Overview

A security vulnerability (CVE-2024-40635) was discovered in containerd, an open-source container runtime. The vulnerability affects versions prior to 1.6.38, 1.7.27, and 2.0.4: when a container is launched with a user specified as a UID:GID value larger than the maximum 32-bit signed integer, an overflow condition can occur and the container runs as root (UID 0) (GitHub Advisory).

Technical details

The vulnerability is an integer overflow condition in the User ID handling mechanism. When a container is launched with a UID or GID value larger than the maximum 32-bit signed integer (MaxInt32), the overflow results in the container running with root privileges (UID 0). The issue has been assigned a CVSS v3.1 base score of 4.6 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N (GitHub Advisory).

Impact

The vulnerability could lead to privilege escalation where containers intended to run as non-root users may unexpectedly execute with root privileges. This poses a security risk for environments that specifically require containers to operate with non-root users as part of their security posture (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in containerd versions 1.6.38, 1.7.27, and 2.0.4. Users are advised to upgrade to these patched versions. As a temporary workaround, organizations should ensure that only trusted images are used and that only trusted users have permissions to import images (GitHub Advisory, Ubuntu Security).
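The following Go program is an added illustration, not containerd's own code: it shows the failure mode described above (a UID that does not fit in 32 bits wrapping to 0 when narrowed) next to a user-spec validator that rejects any UID or GID above MaxInt32, which is the bound the advisory names. The `UID:GID` parsing, the `ParseUserSpec` name and the choice to default a missing GID to the UID are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// ErrIDOutOfRange is returned when a UID or GID exceeds the 32-bit signed range.
var ErrIDOutOfRange = errors.New("uid/gid exceeds MaxInt32")

// truncateToUint32 demonstrates the failure mode: narrowing a value that does
// not fit in 32 bits silently wraps it, so 2^32 becomes 0, i.e. root.
func truncateToUint32(v uint64) uint32 {
	return uint32(v)
}

// ParseUserSpec parses "UID" or "UID:GID" and rejects any component larger than
// math.MaxInt32 before it can be narrowed. Missing GID defaults to UID (assumption).
func ParseUserSpec(spec string) (uid, gid uint32, err error) {
	parts := strings.SplitN(spec, ":", 2)
	vals := make([]uint32, 0, 2)
	for _, p := range parts {
		n, perr := strconv.ParseUint(p, 10, 64)
		if perr != nil {
			return 0, 0, fmt.Errorf("invalid user spec %q: %w", spec, perr)
		}
		if n > math.MaxInt32 {
			return 0, 0, fmt.Errorf("user spec %q: value %d: %w", spec, n, ErrIDOutOfRange)
		}
		vals = append(vals, uint32(n))
	}
	uid = vals[0]
	gid = uid
	if len(vals) == 2 {
		gid = vals[1]
	}
	return uid, gid, nil
}

func main() {
	// Constructed sample values: 2^32 is above MaxInt32 and wraps to 0 when narrowed.
	fmt.Println("narrowed 4294967296 ->", truncateToUint32(1<<32))
	for _, s := range []string{"1000:1000", "4294967296:4294967296"} {
		uid, gid, err := ParseUserSpec(s)
		fmt.Printf("%-24s uid=%d gid=%d err=%v\n", s, uid, gid, err)
	}
}
```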

Community reactions

The containerd project acknowledged the responsible disclosure by Benjamin Koltermann and emxll, who reported the vulnerability in accordance with the containerd security policy (GitHub Advisory).

This report was generated using AI.
