CVE-2021-21284
Public on 2021-02-02
Modified on 2021-12-02
Description
A flaw was found in the `userns-remap` feature of Docker. The root user in the remapped namespace can modify files under `/var/lib/docker/`, leading to possible privilege escalation to the root user on the host. The highest threat from this vulnerability is to data integrity.
Severity
CVSS v3 Base Score
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | docker | 2021-11-11 | ALAS-2021-1550 | Fixed |
Amazon Linux 2 - Docker Extra | docker | 2021-10-19 | ALAS2DOCKER-2021-001 | Fixed |
Amazon Linux 2 - Ecs Extra | docker | 2023-10-18 | ALAS2ECS-2023-015 | Fixed |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2021-10-19 | ALAS2NITRO-ENCLAVES-2021-001 | Fixed |
CVSS Scores
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
NVD | CVSSv3 | 6.8 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
NVD | CVSSv2 | 2.7 | AV:A/AC:L/Au:S/C:N/I:P/A:N |