Update module github.com/containerd/containerd/v2 to v2.2.5 [SECURITY]#492
Open
renovate-rancher[bot] wants to merge 1 commit into
ℹ️ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the
This PR contains the following updates:
Package: github.com/containerd/containerd/v2
Change: v2.2.4 → v2.2.5

containerd image-triggered runtime DoS via unbounded group parsing
CVE-2026-47262 / GHSA-jpcc-p29g-p8mq
More information
Details
Impact
A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used and that only trusted users have permissions to import images or schedule pods.
Credits
The containerd project would like to thank Jakub Ciolek (@jake-ciolek) at AlphaSense and Kyle Elliott @ Trail of Bits who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
containerd: CRI checkpoint import allows local image tag poisoning
CVE-2026-50195 / GHSA-cvxm-645q-p574
More information
Details
Impact
containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Users should only allow trusted images to be pulled.
Credits
The containerd project would like to thank Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, and Robert Prast (@robertprast) who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
containerd CRI — image-config LABEL flows to restart-monitor binary://logger: host-root command execution from an image pull
CVE-2026-53488 / GHSA-xhf5-7wjv-pqxp
More information
Details
Impact
A bug was found in containerd where the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used.
Credits
The containerd project would like to thank Anthropic Research, in collaboration with Claude, the GKE Security Team using Gemini, and Robert Prast (@robertprast) for independently discovering and responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
CVE-2026-53489 / GHSA-rgh6-rfwx-v388
More information
Details
Impact
A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images and checkpoints are used.
Credits
The containerd project would like to thank @gouldnicholas and @davidrxchester, Yuming Zhang and Song Li of Zhejiang University, Sangwon Ryu (@sangwon090), Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, Robert Prast (@robertprast),
Kyle Elliott (@kyle-elliott-tob) of Trail of Bits, and Zhenchen Wang (@Plucky923), who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
containerd CRI checkpoint restore CDI annotation smuggling
CVE-2026-53492 / GHSA-33vj-92qq-66hc
More information
Details
Impact
containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration.
Workarounds
Users can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories (/etc/cdi and /var/run/cdi) will eliminate the reachability of this vulnerability.
Credits
The containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
containerd CRI checkpoint restore CDI annotation smuggling
CVE-2026-53492 / GHSA-33vj-92qq-66hc / GO-2026-5064
More information
Details
Impact
containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration.
Workarounds
Users can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories (/etc/cdi and /var/run/cdi) will eliminate the reachability of this vulnerability.
Credits
The containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
containerd: CRI checkpoint import allows local image tag poisoning
CVE-2026-50195 / GHSA-cvxm-645q-p574 / GO-2026-5338
More information
Details
Impact
containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Users should only allow trusted images to be pulled.
Credits
The containerd project would like to thank Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, and Robert Prast (@robertprast) who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
containerd image-triggered runtime DoS via unbounded group parsing
CVE-2026-47262 / GHSA-jpcc-p29g-p8mq / GO-2026-5475
More information
Details
Impact
A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used and that only trusted users have permissions to import images or schedule pods.
Credits
The containerd project would like to thank Jakub Ciolek (@jake-ciolek) at AlphaSense and Kyle Elliott @ Trail of Bits who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
CVE-2026-53489 / GHSA-rgh6-rfwx-v388 / GO-2026-5622
More information
Details
Impact
A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images and checkpoints are used.
Credits
The containerd project would like to thank @gouldnicholas and @davidrxchester, Yuming Zhang and Song Li of Zhejiang University, Sangwon Ryu (@sangwon090), Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, Robert Prast (@robertprast),
Kyle Elliott (@kyle-elliott-tob) of Trail of Bits, and Zhenchen Wang (@Plucky923), who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
containerd CRI — image-config LABEL flows to restart-monitor binary://logger: host-root command execution from an image pull
CVE-2026-53488 / GHSA-xhf5-7wjv-pqxp / GO-2026-5758
More information
Details
Impact
A bug was found in containerd where the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations.
Patches
This bug has been fixed in the following containerd versions:
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used.
Credits
The containerd project would like to thank Anthropic Research, in collaboration with Claude, the GKE Security Team using Gemini, and Robert Prast (@robertprast) for independently discovering and responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
To report a security issue in containerd:
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd
CVE-2026-53492 / GHSA-33vj-92qq-66hc / GO-2026-5064
More information
Details
containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd
CVE-2026-50195 / GHSA-cvxm-645q-p574 / GO-2026-5338
More information
Details
containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd
CVE-2026-47262 / GHSA-jpcc-p29g-p8mq / GO-2026-5475
More information
Details
containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
CVE-2026-53489 / GHSA-rgh6-rfwx-v388 / GO-2026-5622
More information
Details
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
containerd CRI — image-config LABEL flows to restart-monitor binary://logger: host-root command execution from an image pull in github.com/containerd/containerd
CVE-2026-53488 / GHSA-xhf5-7wjv-pqxp / GO-2026-5758
More information
Details
containerd CRI — image-config LABEL flows to restart-monitor binary://logger: host-root command execution from an image pull in github.com/containerd/containerd
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Release Notes
containerd/containerd (github.com/containerd/containerd/v2)
v2.2.5: containerd 2.2.5 (Compare Source)
Welcome to the v2.2.5 release of containerd!
The fifth patch release for containerd 2.2 contains various fixes and updates including security patches.
Security Updates
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
Changes
27 commits
269031099 Prepare release notes for v2.2.5
ad59aa564 Merge commit from fork
0b4d23690 Merge commit from fork
be8460656 cri: filter CDI annotations on checkpoint restore
347240f72 Merge commit from fork
cff578841 cri: do not re-tag restored checkpoints
668cf2c2f Merge commit from fork
357652293 cri: make checkpoint restore robust to unexpected archive content
d43da05af Merge commit from fork
30708e8d1 Bound user-database file reads in openUserFile
028647ea2 Merge commit from fork
b6072a49f Do not propagate reserved labels from image configs
cfea2c141 [release/2.2] vendor: golang.org/x/crypto v0.53.0
fc96ea6b3 update runc binary to v1.3.6
5a125fd66 update go to 1.26.4/1.25.11
2b7dfbd7f Configure udevd children-max for root-test
1500e586f Clean up disk space in node e2e workflow
9991e944e contrib/checkpoint: increase timeouts to 30s
55a1f85d5 release: don't mark 2.2 releases as latest
Dependency Changes
Previous release can be found at v2.2.4
Which file should I download?
containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅ Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.
In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.
See also the Getting Started documentation.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
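The first advisory in this PR (CVE-2026-47262) describes an image whose group database makes the runtime allocate until it is OOM-killed, and the release notes list the fix as "Bound user-database file reads in openUserFile". The example below is an added illustration of that mitigation pattern, not containerd's code: a group(5) parser that reads at most a caller-chosen number of bytes and rejects anything larger before it is ever buffered whole. The function names (`parseGroupBounded`, `lookupGID`), the 4 KiB budget and the sample group file contents are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrGroupFileTooLarge is returned when the group database is larger than the
// caller's byte budget; the reader stops there instead of growing a buffer.
var ErrGroupFileTooLarge = errors.New("group file exceeds size limit")

// Group is one group(5) record: name:password:gid:member,member,...
type Group struct {
	Name    string
	GID     string
	Members []string
}

// parseGroupBounded parses a group database from r while reading at most
// maxBytes+1 bytes. Input still unfinished at that point is rejected, so the
// memory cost is fixed by the caller rather than by whatever the image ships.
func parseGroupBounded(r io.Reader, maxBytes int64) ([]Group, error) {
	// Read one byte past the budget: if that byte arrives, the file is too big.
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrGroupFileTooLarge
	}

	var groups []Group
	for lineNo, line := range strings.Split(string(data), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank lines and comments are tolerated by libc parsers
		}
		fields := strings.Split(line, ":")
		if len(fields) != 4 {
			return nil, fmt.Errorf("group file line %d: expected 4 fields, got %d", lineNo+1, len(fields))
		}
		var members []string
		for _, m := range strings.Split(fields[3], ",") {
			if m != "" {
				members = append(members, m)
			}
		}
		groups = append(groups, Group{Name: fields[0], GID: fields[2], Members: members})
	}
	return groups, nil
}

// lookupGID resolves a group name to its GID string, the way a runtime does
// when honouring a "user:group" entry from an image config.
func lookupGID(groups []Group, name string) (string, bool) {
	for _, g := range groups {
		if g.Name == name {
			return g.GID, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample: a benign group file as an image might ship it.
	benign := "root:x:0:\nwheel:x:10:alice,bob\n# comment line\nnogroup:x:65534:\n"
	groups, err := parseGroupBounded(strings.NewReader(benign), 1<<20)
	fmt.Println(len(groups), err) // 3 <nil>
	gid, _ := lookupGID(groups, "wheel")
	fmt.Println(gid) // 10

	// Constructed oversized input: one 64 KiB line with no newline. Against a
	// 4 KiB budget the parse fails fast instead of buffering the whole stream.
	oversized := strings.NewReader(strings.Repeat("a", 1<<16))
	_, err = parseGroupBounded(oversized, 4096)
	fmt.Println(errors.Is(err, ErrGroupFileTooLarge)) // true
}
```

The budget is enforced before any line splitting happens, so a single enormous line and a file of millions of short lines are rejected by the same check; the malformed-line error is separate so operators can tell a hostile size from a merely broken file in logs.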
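Two of the checkpoint-restore advisories above share one root cause: data inside the checkpoint archive was trusted as if it came from the pod spec. CVE-2026-53492 concerns CDI annotations carried in the archive (fixed by "cri: filter CDI annotations on checkpoint restore"), and CVE-2026-53489 concerns a container.log entry that is a symlink to a host file. The example below is an added illustration of both defensive checks and is not containerd's implementation. It assumes the CDI specification's documented `cdi.k8s.io/` annotation prefix is the marker for the "CDI-related annotations" the advisory refers to; the function names (`dropCDIAnnotations`, `resolveLogPath`, `buildFixture`) and the on-disk fixture are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// cdiAnnotationPrefix is the key prefix the CDI specification uses for device
// requests (cdi.k8s.io/<name>). Assumed here as the marker for annotations
// that must not survive a restore.
const cdiAnnotationPrefix = "cdi.k8s.io/"

// dropCDIAnnotations returns the checkpoint annotations with every CDI device
// request removed, plus the sorted keys that were dropped (for audit logging).
// Devices then come only from the pod's create-time specification.
func dropCDIAnnotations(fromCheckpoint map[string]string) (kept map[string]string, dropped []string) {
	kept = make(map[string]string, len(fromCheckpoint))
	for k, v := range fromCheckpoint {
		if strings.HasPrefix(k, cdiAnnotationPrefix) {
			dropped = append(dropped, k)
			continue
		}
		kept[k] = v
	}
	sort.Strings(dropped)
	return kept, dropped
}

// ErrLogPathEscapes is returned when the checkpoint's log entry resolves, after
// following symlinks, to a location outside the container's log directory.
var ErrLogPathEscapes = errors.New("container.log resolves outside the log directory")

// resolveLogPath joins name onto logDir and follows every symlink before
// deciding whether the result is still inside logDir. A lexical check alone
// would accept a symlink planted inside the archive.
func resolveLogPath(logDir, name string) (string, error) {
	root, err := filepath.EvalSymlinks(logDir)
	if err != nil {
		return "", err
	}
	real, err := filepath.EvalSymlinks(filepath.Join(root, name))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, real)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrLogPathEscapes
	}
	return real, nil
}

// buildFixture lays out a constructed restore scenario under base: a log
// directory holding a genuine log file and a symlink that points at a file
// outside the directory. It returns the log directory path.
func buildFixture(base string) (string, error) {
	logDir := filepath.Join(base, "logs")
	if err := os.MkdirAll(logDir, 0o755); err != nil {
		return "", err
	}
	outside := filepath.Join(base, "host-file.txt")
	if err := os.WriteFile(outside, []byte("not a container log\n"), 0o600); err != nil {
		return "", err
	}
	if err := os.WriteFile(filepath.Join(logDir, "0.log"), []byte("container output\n"), 0o600); err != nil {
		return "", err
	}
	if err := os.Symlink(outside, filepath.Join(logDir, "restored.log")); err != nil {
		return "", err
	}
	return logDir, nil
}

func main() {
	kept, dropped := dropCDIAnnotations(map[string]string{
		"cdi.k8s.io/gpu":         "example.com/gpu=0", // constructed device request
		"io.kubernetes.pod.name": "web",
	})
	fmt.Println(len(kept), dropped) // 1 [cdi.k8s.io/gpu]

	base, err := os.MkdirTemp("", "restore-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	logDir, err := buildFixture(base)
	if err != nil {
		panic(err)
	}
	_, err = resolveLogPath(logDir, "0.log")
	fmt.Println(err) // <nil>
	_, err = resolveLogPath(logDir, "restored.log")
	fmt.Println(errors.Is(err, ErrLogPathEscapes)) // true
}
```

Both checks run before any restored state is used: annotations are filtered before the container spec is built, and the log path is resolved with filepath.EvalSymlinks before the file is opened, so a symlink, a `..` component and the directory itself are all rejected by the same containment test.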