Bug 1181732 - (CVE-2021-21284) VUL-1: CVE-2021-21284: docker: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem
(CVE-2021-21284)
VUL-1: CVE-2021-21284: docker: potential privilege escalation when the root u...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Aleksa Sarai
Security Team bot
https://smash.suse.de/issue/276997/
CVSSv3.1:SUSE:CVE-2021-21284:2.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-02-03 10:31 UTC by Alexandros Toptsoglou
Modified: 2021-07-10 17:58 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-02-03 10:31:44 UTC
CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving
the --userns-remap option in which access to remapped root allows privilege
escalation to real root. When using "--userns-remap", if the root user in the
remapped namespace has access to the host filesystem they can modify files under
"/var/lib/docker/<remapping>" that cause writing files with extended privileges.
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation
from remapped user.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
https://github.com/moby/moby/releases/tag/v19.03.15
https://github.com/moby/moby/releases/tag/v20.10.3
https://docs.docker.com/engine/release-notes/#20103
Comment 1 Alexandros Toptsoglou 2021-02-03 10:32:13 UTC
Tracked SLE12 and SLE15 as affected.
Comment 8 Swamp Workflow Management 2021-02-11 17:17:29 UTC
SUSE-SU-2021:0435-1: An update that solves three vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (important)
Bug References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732
CVE References: CVE-2020-15257,CVE-2021-21284,CVE-2021-21285
JIRA References: SLE-16460
Sources used:
SUSE Manager Server 4.0 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Manager Retail Branch Server 4.0 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Manager Proxy 4.0 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise Server 15-SP1-BCL (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise Module for Containers 15-SP3 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise Module for Containers 15-SP2 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE Enterprise Storage 6 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3
SUSE CaaS Platform 4.0 (src):    containerd-1.3.9-5.29.3, docker-19.03.15_ce-6.43.3, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-02-12 05:17:25 UTC
openSUSE-SU-2021:0278-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732
CVE References: CVE-2020-15257,CVE-2021-21284,CVE-2021-21285
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    containerd-1.3.9-lp152.2.3.1, docker-19.03.15_ce-lp152.2.3.1, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1, fish-2.7.1-lp152.5.3.1, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1
Comment 10 Swamp Workflow Management 2021-02-12 11:18:05 UTC
SUSE-SU-2021:0445-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1065609,1153367,1157330,1158590,1176708,1177598,1178801,1180401,1181730,1181732
CVE References: CVE-2020-15157,CVE-2021-21284,CVE-2021-21285
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.3.9-16.35.1, docker-19.03.15_ce-98.60.2, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-1.52.1, golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-04-30 16:20:38 UTC
SUSE-SU-2021:1458-1: An update that solves 9 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1028638,1034053,1048046,1051429,1053532,1095817,1118897,1118898,1118899,1121967,1131314,1131553,1149954,1152308,1160452,1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183397,1183855,1184768,1184962
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-16884,CVE-2019-19921,CVE-2019-5736,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.4.4-16.38.1, docker-20.10.6_ce-98.66.1, runc-1.0.0~rc93-16.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-06-11 13:19:28 UTC
SUSE-SU-2021:1954-1: An update that solves four vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405
CVE References: CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Manager Server 4.0 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Manager Retail Branch Server 4.0 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Manager Proxy 4.0 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Server for SAP 15 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Server 15-LTSS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Module for Containers 15-SP3 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise Module for Containers 15-SP2 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3
SUSE Enterprise Storage 7 (src):    runc-1.0.0~rc93-1.14.2
SUSE Enterprise Storage 6 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2
SUSE CaaS Platform 4.0 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-06-16 19:26:43 UTC
openSUSE-SU-2021:0878-1: An update that solves four vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405
CVE References: CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    containerd-1.4.4-lp152.2.6.1, docker-20.10.6_ce-lp152.2.12.1, runc-1.0.0~rc93-lp152.2.3.1
Comment 16 Swamp Workflow Management 2021-07-10 17:58:11 UTC
openSUSE-SU-2021:1954-1: An update that solves four vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405
CVE References: CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    containerd-1.4.4-5.32.1, docker-20.10.6_ce-6.49.3, runc-1.0.0~rc93-1.14.2