Main Vulnerability Database SB20250521122

SB20250521122 - Race condition during image unpack in containerd

Published: May 21, 2025

Security Bulletin ID SB20250521122

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-47290)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition while unpacking an image during an image pull. A remote attacker can trick the victim into using a specially crafted image and perform arbitrary modifications of the host file system, leading to its compromise.

Remediation

Install update from vendor's website.

References

https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc
https://github.com/containerd/containerd/releases/tag/v2.1.1
https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95