CVE-2024-40635

CVE-2024-40635 is a medium-severity vulnerability in Linuxfoundation Containerd with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-190.

Key facts

Description

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Frequently asked questions

What is CVE-2024-40635?
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
How severe is CVE-2024-40635?
CVE-2024-40635 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over local access with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability none.
Is CVE-2024-40635 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-40635?
CVE-2024-40635 primarily affects Linuxfoundation Containerd. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2024-40635?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-40635 have an EU (EUVD) identifier?
Yes. CVE-2024-40635 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-6529.
When was CVE-2024-40635 published?
CVE-2024-40635 was published on 2025-03-17 and last updated on 2026-06-17.

References

Affected products (2)

More vulnerabilities in Linuxfoundation Containerd

All CVEs affecting Linuxfoundation Containerd →

Other CWE-190 (Integer Overflow or Wraparound) vulnerabilities

Browse all CWE-190 (Integer Overflow or Wraparound) vulnerabilities →