CVE-2023-25173
Privilege Escalation vulnerability in containerd (Go)
What is CVE-2023-25173 About?
This vulnerability concerns improper setup of supplementary groups within a container environment, including those using the containerd client library. An attacker with direct container access can manipulate supplementary group access to bypass primary group restrictions, potentially escalating privileges. Exploitation requires existing access and knowledge of group manipulation.
Affected Software
- github.com/containerd/containerd
  - >1.6.0, <1.6.18
  - <1.5.18
Technical Details
The vulnerability exists because supplementary groups are not correctly set up inside a container; this also applies to downstream applications that use the containerd client library. Under normal circumstances, a process's supplementary group membership is one of the controls that governs which files and directories it may access. However, if an attacker has direct access to the container, they can manipulate their supplementary group membership or how these groups are applied. By doing so, they may be able to bypass the restrictions imposed by their primary group, thereby gaining unauthorized access to resources (e.g., files or directories) that the primary group alone would not permit. This misconfiguration can ultimately lead to a local privilege escalation within the container.
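As an added example (not code from this advisory, from containerd, or from any other project), the following Go program performs the check a defender would run for the condition described above: it resolves which supplementary GIDs an image's /etc/group grants a user and flags any GID a container process holds beyond those and its primary GID. The /etc/group contents and the /proc status excerpt are constructed, and the program assumes that a correctly set-up process holds exactly the groups /etc/group grants its user plus its primary GID.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed inputs (not from any real image or host): the image's /etc/group
// and a /proc/<pid>/status excerpt of a process started as app (GID 1000) that
// was wrongly left holding GID 0 (root) as a supplementary group.
const etcGroup = "root:x:0:\napp:x:1000:\naudit:x:110:app\nshadow:x:42:\n"
const sampleStatus = "Gid:\t1000\t1000\t1000\t1000\nGroups:\t0 1000 110 \n"
// SupplementaryGIDs returns the GIDs that /etc/group grants to name: the only
// supplementary groups a correctly set-up container process should hold.
func SupplementaryGIDs(group, name string) []int {
	var gids []int
	for _, line := range strings.Split(group, "\n") {
		// group file format: name:password:gid:member1,member2,...
		f := strings.Split(line, ":")
		if len(f) == 4 && strings.Contains(","+f[3]+",", ","+name+",") {
			g, _ := strconv.Atoi(f[2])
			gids = append(gids, g)
		}
	}
	return gids
}

// UnexpectedGroups parses the Groups: line of a /proc/<pid>/status dump and
// returns every GID the process holds that is neither its primary GID nor one
// granted by /etc/group (GID 0 on a non-root process is the case to alert on).
func UnexpectedGroups(status string, gid int, supp []int) []int {
	allowed := map[int]bool{gid: true}
	for _, g := range supp {
		allowed[g] = true
	}
	var bad []int
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "Groups:") {
			for _, tok := range strings.Fields(line[len("Groups:"):]) {
				if g, err := strconv.Atoi(tok); err == nil && !allowed[g] {
					bad = append(bad, g)
				}
			}
		}
	}
	return bad
}

func main() {
	fmt.Println(UnexpectedGroups(sampleStatus, 1000, SupplementaryGIDs(etcGroup, "app"))) // [0]
}
```

Run it against the /etc/group of the image and the /proc/<pid>/status of a process started as the image's non-root user; a non-empty result means the process holds supplementary groups the image never granted it.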
What is the Impact of CVE-2023-25173?
Successful exploitation may allow attackers to bypass primary group restrictions and potentially escalate privileges within the container.
What is the Exploitability of CVE-2023-25173?
Exploitation requires an attacker to have direct access to a container. The complexity is moderate, as it involves manipulating supplementary group access, which implies an understanding of Linux group management within a containerized environment. Authentication into the container is a prerequisite, and the attack is local to the container environment. There are no special remote access requirements, as the attack takes place after initial access. The key constraint is having a foot in the door within the container itself. Risk factors that increase likelihood include lax security policies within containers, allowing unprivileged users significant control over their environment, or container images with misconfigured user/group mappings.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-25173?
Available Upgrade Options
- github.com/containerd/containerd
  - <1.5.18 → Upgrade to 1.5.18
  - >1.6.0, <1.6.18 → Upgrade to 1.6.18
Additional Resources
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
- https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
- https://osv.dev/vulnerability/GHSA-hmfx-3pcx-653p
- https://github.com/containerd/containerd
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
What are Similar Vulnerabilities to CVE-2023-25173?
Similar Vulnerabilities: CVE-2021-41190, CVE-2022-24765, CVE-2022-23648, CVE-2022-26961, CVE-2021-41092
