CVE-2022-23648 log

Source
Severity Unknown
Remote Unknown
Type Information disclosure
Description
Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation.
Group: AVG-2725
Package: containerd
Affected: 1.6.0-2
Fixed: 1.6.1-1
Severity: Unknown
Status: Unknown
Ticket: (none)
References
https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
https://github.com/containerd/containerd/releases/tag/v1.6.1
Notes
Workarounds: Ensure that only trusted images are used.