How severe is CVE-2024-40635?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-40635?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2024-40635 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Related Vulnerabilities

CVE-2022-20423

MEDIUM

CVSS:4.6(Medium)

In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no add...

CWE-1902022

CVE-2022-22078

MEDIUM

CVSS:4.6(Medium)

Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity...

CWE-1902022

CVE-2025-48174

MEDIUM

CVSS:4.5(Medium)

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

CWE-1902025

CVE-2025-48175

MEDIUM

CVSS:4.5(Medium)

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

CWE-1902025

CVE-2017-0603

MEDIUM

CVSS:4.7(Medium)

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it...

CWE-1902017

CVE-2016-6888

MEDIUM

CVSS:4.4(Medium)

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maxi...

CWE-1902016