First published: Tue Feb 02 2021(Updated: )
### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. ### Credits Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Docker Docker | <19.03.15 | |
Docker Docker | >=20.0.0<20.10.3 | |
Debian Debian Linux | =10.0 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
debian/docker.io | 18.09.1+dfsg1-7.1+deb10u3 20.10.5+dfsg1-1+deb11u2 20.10.24+dfsg1-1 20.10.25+dfsg1-2 | |
IBM Security Guardium | <=10.5 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.0 | |
IBM Security Guardium | <=11.1 | |
IBM Security Guardium | <=11.2 | |
IBM Security Guardium | <=11.3 | |
go/github.com/moby/moby | >=20.10.0-beta1<20.10.3 | 20.10.3 |
go/github.com/moby/moby | <19.3.15 | 19.3.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Docker vulnerability is CVE-2021-21284.
Versions before 9.03.15 and 20.10.3 of Docker are affected by this vulnerability.
This vulnerability allows privilege escalation to real root if the root user in the remapped namespace has access to the host filesystem.
To fix this vulnerability, update Docker to version 9.03.15 or 20.10.3.
More information about this vulnerability can be found in the following references: [GitHub Advisory](https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc), [GitHub Commit 1](https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae), [GitHub Commit 2](https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3).