What is CVE-2024-40635?

A medium-severity vulnerability in Debian's containerd allows unintended escalation of privileges due to an integer overflow. Organizations must patch affected versions promptly to mitigate potential risks.

What is the severity of CVE-2024-40635?

CVE-2024-40635 has a severity rating of MEDIUM with a CVSS base score of 4.6.

CVE-2024-40635 | Medium Vulnerability in Debian containerd

CVE-2024-40635 is a medium-severity vulnerability affecting Debian's containerd, an open-source container runtime. The vulnerability arises from a bug that allows containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer, leading to an overflow condition. This causes the container to run as root (UID 0), compromising the expected behavior for environments requiring non-root execution.

The CVSS score of 4.6 indicates a medium risk level. This vulnerability is particularly concerning for containerized environments that prioritize security by enforcing non-root user policies. The potential for attackers to exploit this vulnerability underscores the importance of timely remediation.

The vulnerability was published on March 17, 2025, and has been fixed in containerd versions 1.6.38, 1.7.27, and 2.0.4. Organizations using affected versions should take immediate action to mitigate risks associated with this vulnerability.

Organizations should prioritize patching immediately. The workaround involves ensuring that only trusted images are used and that trusted users have permission to import images, although patching is the most effective mitigation.

Vulnerability Details

The official CVE description states that this vulnerability allows containerd to mishandle user IDs and group IDs, resulting in privilege escalation. This defect has a CVSS score of 4.6, classified under CVSS version 3.1. The vulnerability is identified as CWE-190, which pertains to integer overflow issues. The affected products include containerd and Debian Linux versions prior to the patches mentioned.

Technical Analysis

The root cause of CVE-2024-40635 is an integer overflow that occurs when a user-defined UID and GID exceeds the maximum value for a 32-bit signed integer. This vulnerability is classified as a local attack vector with low attack complexity. It requires high privileges to exploit, meaning that an attacker must have some access to the affected system.

User interaction is not required to exploit this vulnerability. The potential impacts include low confidentiality and integrity impacts, with no availability impact associated with this vulnerability.

Risk & Impact Analysis

Risk to organizations includes the possibility of containers executing with escalated privileges, thereby undermining security controls that mandate non-root execution. The blast radius is significant, as many environments depend on container isolation and privilege separation to secure workloads. Organizations must assess their deployment strategies and re-evaluate their reliance on containerized environments that utilize affected versions of containerd.

Given the CVSS score, organizations should address this vulnerability in their priority patch cycle. The risk of exploitation, although medium, could lead to serious security breaches if not managed appropriately.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerable versions of containerd are prior to 1.6.38, 1.7.27, and 2.0.4. Organizations using Debian Linux version 11.0 are also affected. It is crucial to upgrade to the patched versions immediately.

Mitigation & Remediation

Organizations should prioritize patching immediately. Upgrade to containerd versions 1.6.38, 1.7.27, or 2.0.4 to eliminate the vulnerability. In the absence of immediate patching, ensure that only trusted images are utilized and limit permissions for users importing images. For further guidance on remediation, organizations may consider engaging in penetration testing to assess their environment.

Detection Guidance

To detect potential exploitation of this vulnerability, monitoring for unusual container behaviors and logs indicating unauthorized UID/GID settings is essential. Additionally, organizations should review image import permissions and user access logs to identify any unauthorized attempts or anomalies.

AppSecure Threat Intelligence Insight

The significance of CVE-2024-40635 lies in its representation of vulnerabilities that can lead to privilege escalation in containerized environments. It serves as a reminder for organizations to enforce strict user policies and to routinely audit their container security practices. Security teams should remain vigilant for similar vulnerabilities and consider adopting proactive measures to secure their containerized applications.

For more information on enhancing security in containerized environments, organizations can explore the following resources: penetration testing methodology, cloud penetration testing guide, and API penetration testing guide for further insights.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-40635: Medium Vulnerability in Debian containerd