CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
mobyprojectmoby
𝑥
< 20.10.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
docker.io
bookworm
20.10.24+dfsg1-1
fixed
bullseye
20.10.5+dfsg1-1+deb11u2
fixed
bullseye (security)
20.10.5+dfsg1-1+deb11u3
fixed
buster
no-dsa
sid
26.1.5+dfsg1-4
fixed
trixie
26.1.5+dfsg1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
docker.io
bionic
Fixed 20.10.7-0ubuntu5
released
focal
Fixed 20.10.7-0ubuntu5
released
hirsute
ignored
impish
Fixed 20.10.7-0ubuntu5
released
jammy
Fixed 20.10.7-0ubuntu5
released
kinetic
Fixed 20.10.7-0ubuntu5
released
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
containerd
suse enterprise desktop 15 SP7
1.4.12-60.1
fixed
suse enterprise sap 12
1.4.12-16.49.1
fixed
suse enterprise sap 12 SP3
1.4.12-16.49.1
fixed
suse enterprise sap 12 SP4
1.4.12-16.49.1
fixed
suse enterprise sap 12 SP5
1.4.12-16.49.1
fixed
suse enterprise sap 15
1.4.11-56.1
fixed
suse enterprise sap 15 SP1
1.4.11-56.1
fixed
suse enterprise sap 15 SP2
1.4.11-56.1
fixed
suse enterprise sap 15 SP3
1.4.12-60.1
fixed
suse enterprise sap 15 SP4
1.4.12-60.1
fixed
suse enterprise sap 15 SP5
1.4.12-60.1
fixed
suse enterprise sap 15 SP6
1.4.12-60.1
fixed
suse enterprise sap 15 SP7
1.4.12-60.1
fixed
suse enterprise server 12
1.4.12-16.49.1
fixed
suse enterprise server 12 SP3
1.4.12-16.49.1
fixed
suse enterprise server 12 SP4
1.4.12-16.49.1
fixed
suse enterprise server 12 SP5
1.4.12-16.49.1
fixed
suse enterprise server 15
1.4.11-56.1
fixed
suse enterprise server 15 SP1
1.4.11-56.1
fixed
suse enterprise server 15 SP2
1.4.11-56.1
fixed
suse enterprise server 15 SP3
1.4.12-60.1
fixed
suse enterprise server 15 SP4
1.4.12-60.1
fixed
suse enterprise server 15 SP5
1.4.12-60.1
fixed
suse enterprise server 15 SP6
1.4.12-60.1
fixed
suse enterprise server 15 SP7
1.4.12-60.1
fixed
containerd-ctr
suse enterprise sap 15 SP5
1.4.12-60.1
fixed
suse enterprise sap 15 SP6
1.4.12-60.1
fixed
suse enterprise sap 15 SP7
1.4.12-60.1
fixed
suse enterprise server 15 SP5
1.4.12-60.1
fixed
suse enterprise server 15 SP6
1.4.12-60.1
fixed
suse enterprise server 15 SP7
1.4.12-60.1
fixed
runc
suse enterprise desktop 15 SP7
1.0.2-23.1
fixed
suse enterprise sap 12
1.0.2-16.14.1
fixed
suse enterprise sap 12 SP3
1.0.2-16.14.1
fixed
suse enterprise sap 12 SP4
1.0.2-16.14.1
fixed
suse enterprise sap 12 SP5
1.0.2-16.14.1
fixed
suse enterprise sap 15
1.0.2-23.1
fixed
suse enterprise sap 15 SP1
1.0.2-23.1
fixed
suse enterprise sap 15 SP2
1.0.2-23.1
fixed
suse enterprise sap 15 SP3
1.0.2-23.1
fixed
suse enterprise sap 15 SP4
1.0.2-23.1
fixed
suse enterprise sap 15 SP5
1.0.2-23.1
fixed
suse enterprise sap 15 SP6
1.0.2-23.1
fixed
suse enterprise sap 15 SP7
1.0.2-23.1
fixed
suse enterprise server 12
1.0.2-16.14.1
fixed
suse enterprise server 12 SP3
1.0.2-16.14.1
fixed
suse enterprise server 12 SP4
1.0.2-16.14.1
fixed
suse enterprise server 12 SP5
1.0.2-16.14.1
fixed
suse enterprise server 15
1.0.2-23.1
fixed
suse enterprise server 15 SP1
1.0.2-23.1
fixed
suse enterprise server 15 SP2
1.0.2-23.1
fixed
suse enterprise server 15 SP3
1.0.2-23.1
fixed
suse enterprise server 15 SP4
1.0.2-23.1
fixed
suse enterprise server 15 SP5
1.0.2-23.1
fixed
suse enterprise server 15 SP6
1.0.2-23.1
fixed
suse enterprise server 15 SP7
1.0.2-23.1
fixed
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/