It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.3.3-0ubuntu1~18.04.3", "binary_name": "containerd" }, { "binary_version": "1.3.3-0ubuntu1~18.04.3", "binary_name": "containerd-dbgsym" }, { "binary_version": "1.3.3-0ubuntu1~18.04.3", "binary_name": "golang-github-docker-containerd-dev" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.3.3-0ubuntu2.1", "binary_name": "containerd" }, { "binary_version": "1.3.3-0ubuntu2.1", "binary_name": "containerd-dbgsym" }, { "binary_version": "1.3.3-0ubuntu2.1", "binary_name": "golang-github-docker-containerd-dev" } ] }