CVE-2021-21284: Merge pull request #41964 from thaJeztah/CVE-2021-21284_master · moby/moby@64bd448
In Docker before versions 19.03.15 and 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem, they can modify files under "/var/lib/docker/<remapping>" in a way that causes files to be written with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from the remapped user.
Merge pull request #41964 from thaJeztah/CVE-2021-21284_master
[master] Fix Access to remapped root allows privilege escalation to real root (CVE-2021-21284)
Showing with 69 additions and 71 deletions.
- +1 −1 daemon/container_operations_unix.go
- +2 −4 daemon/create.go
- +4 −6 daemon/daemon.go
- +10 −4 daemon/daemon_unix.go
- +3 −6 daemon/graphdriver/aufs/aufs.go
- +3 −7 daemon/graphdriver/btrfs/btrfs.go
- +5 −9 daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go
- +7 −9 daemon/graphdriver/overlay/overlay.go
- +4 −8 daemon/graphdriver/overlay2/overlay.go
- +2 −3 daemon/graphdriver/vfs/driver.go
- +1 −5 daemon/graphdriver/zfs/zfs.go
- +8 −3 pkg/idtools/idtools.go
- +10 −4 pkg/idtools/idtools_unix.go
- +9 −2 volume/local/local.go