{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2021-43816","title":"Title"},{"category":"description","text":"containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2021-43816","url":"https://www.suse.com/security/cve/CVE-2021-43816"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1194359 for CVE-2021-43816","url":"https://bugzilla.suse.com/1194359"}],"title":"SUSE CVE CVE-2021-43816","tracking":{"current_release_date":"2025-09-29T01:22:17Z","generator":{"date":"2023-02-15T03:36:47Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2021-43816","initial_release_date":"2023-02-15T03:36:47Z","revision_history":[{"date":"2023-02-15T03:36:47Z","number":"2","summary":"Current version"},{"date":"2025-01-01T04:08:18Z","number":"3","summary":"Current version"},{"date":"2025-01-23T04:21:40Z","number":"4","summary":"Current version"},{"date":"2025-02-15T04:43:02Z","number":"5","summary":"Current version"},{"date":"2025-02-17T05:05:38Z","number":"6","summary":"Current version"},{"date":"2025-03-15T08:36:48Z","number":"7","summary":"Current version"},{"date":"2025-04-25T04:27:56Z","number":"8","summary":"Current version"},{"date":"2025-06-27T00:51:41Z","number":"9","summary":"Current version"},{"date":"2025-07-01T00:46:28Z","number":"10","summary":"Current version"},{"date":"2025-09-29T01:22:17Z","number":"11","summary":"Current version"}],"status":"interim","version":"11"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE CaaS Platform 4.0","product":{"name":"SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:caasp:4.0"}}},{"category":"product_name","name":"SUSE CaaS Platform 4.5","product":{"name":"SUSE CaaS Platform 4.5","product_id":"SUSE CaaS Platform 4.5","product_identification_helper":{"cpe":"cpe:/o:suse:caasp:4.5"}}},{"category":"product_name","name":"SUSE Enterprise Storage 6","product":{"name":"SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6","product_identification_helper":{"cpe":"cpe:/o:suse:ses:6"}}},{"category":"product_name","name":"SUSE Enterprise Storage 7","product":{"name":"SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7"}}},{"category":"product_name","name":"SUSE Enterprise Storage 7.1","product":{"name":"SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12","product":{"name":"SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.0","product":{"name":"SUSE Linux Enterprise Micro 5.0","product_id":"SUSE Linux Enterprise Micro 5.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.0"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.1","product":{"name":"SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Containers 12","product":{"name":"SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-containers:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Containers 15 SP2","product":{"name":"SUSE Linux Enterprise Module for Containers 15 SP2","product_id":"SUSE Linux Enterprise Module for Containers 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-containers:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Containers 15 SP3","product":{"name":"SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-containers:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12","product":{"name":"SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4","product":{"name":"SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2","product":{"name":"SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3","product":{"name":"SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15-ESPOS","product":{"name":"SUSE Linux Enterprise Server 15-ESPOS","product_id":"SUSE Linux Enterprise Server 15-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15-LTSS","product":{"name":"SUSE Linux Enterprise Server 15-LTSS","product_id":"SUSE Linux Enterprise Server 15-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP1","product":{"name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP1","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_bcl:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP2","product":{"name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP2","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_bcl:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.1","product":{"name":"SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.1"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.2","product":{"name":"SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.2"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.1","product":{"name":"SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.2","product":{"name":"SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server 4.1","product":{"name":"SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Server 4.2","product":{"name":"SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.2"}}},{"category":"product_version","name":"containerd","product":{"name":"containerd","product_id":"containerd","product_identification_helper":{"cpe":"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/containerd@?upstream=containerd.src.rpm"}}},{"category":"product_version","name":"containerd-ctr","product":{"name":"containerd-ctr","product_id":"containerd-ctr","product_identification_helper":{"cpe":"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/containerd-ctr@?upstream=containerd.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE CaaS Platform 4.0"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE CaaS Platform 4.0"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE CaaS Platform 4.5","product_id":"SUSE CaaS Platform 4.5:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE CaaS Platform 4.5"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Micro 5.0","product_id":"SUSE Linux Enterprise Micro 5.0:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.0"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 12"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Module for Containers 15 SP2","product_id":"SUSE Linux Enterprise Module for Containers 15 SP2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15-ESPOS","product_id":"SUSE Linux Enterprise Server 15-ESPOS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server 15-LTSS","product_id":"SUSE Linux Enterprise Server 15-LTSS:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server 15-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server 15-LTSS","product_id":"SUSE Linux Enterprise Server 15-LTSS:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server 15-LTSS"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server Business Critical Linux 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server Business Critical Linux 15 SP2","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP2:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server Business Critical Linux 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"containerd as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd"},"product_reference":"containerd","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"containerd-ctr as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr"},"product_reference":"containerd-ctr","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2021-43816","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-43816"}],"notes":[{"category":"general","text":"containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE CaaS Platform 4.0:containerd","SUSE CaaS Platform 4.0:containerd-ctr","SUSE CaaS Platform 4.5:containerd","SUSE Enterprise Storage 6:containerd","SUSE Enterprise Storage 7.1:containerd","SUSE Enterprise Storage 7.1:containerd-ctr","SUSE Enterprise Storage 7:containerd","SUSE Linux Enterprise High Performance Computing 12:containerd","SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd","SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr","SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd","SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr","SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd","SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr","SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd","SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr","SUSE Linux Enterprise High Performance Computing 15 SP2:containerd","SUSE Linux Enterprise High Performance Computing 15 SP3:containerd","SUSE Linux Enterprise High Performance Computing 15 SP3:containerd-ctr","SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd","SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr","SUSE Linux Enterprise Micro 5.0:containerd","SUSE Linux Enterprise Micro 5.1:containerd","SUSE Linux Enterprise Module for Containers 12:containerd","SUSE Linux Enterprise Module for Containers 15 SP2:containerd","SUSE Linux Enterprise Module for Containers 15 SP3:containerd","SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr","SUSE Linux Enterprise Server 12 SP3:containerd","SUSE Linux Enterprise Server 12 SP4:containerd","SUSE Linux Enterprise Server 12 SP5:containerd","SUSE Linux Enterprise Server 12:containerd","SUSE Linux Enterprise Server 15 SP1-LTSS:containerd","SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr","SUSE Linux Enterprise Server 15 SP2-LTSS:containerd","SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr","SUSE Linux Enterprise Server 15 SP2:containerd","SUSE Linux Enterprise Server 15 SP3:containerd","SUSE Linux Enterprise Server 15 SP3:containerd-ctr","SUSE Linux Enterprise Server 15-ESPOS:containerd","SUSE Linux Enterprise Server 15-LTSS:containerd","SUSE Linux Enterprise Server 15-LTSS:containerd-ctr","SUSE Linux Enterprise Server Business Critical Linux 15 SP1:containerd","SUSE Linux Enterprise Server Business Critical Linux 15 SP2:containerd","SUSE Linux Enterprise Server for SAP Applications 12 SP3:containerd","SUSE Linux Enterprise Server for SAP Applications 12 SP4:containerd","SUSE Linux Enterprise Server for SAP Applications 12 SP5:containerd","SUSE Linux Enterprise Server for SAP Applications 12:containerd","SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd","SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr","SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd","SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr","SUSE Linux Enterprise Server for SAP Applications 15 SP3:containerd","SUSE Linux Enterprise Server for SAP Applications 15 SP3:containerd-ctr","SUSE Linux Enterprise Server for SAP Applications 15:containerd","SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr","SUSE Manager Proxy 4.1:containerd","SUSE Manager Proxy 4.2:containerd","SUSE Manager Proxy 4.2:containerd-ctr","SUSE Manager Retail Branch Server 4.1:containerd","SUSE Manager Retail Branch Server 4.2:containerd","SUSE Manager Retail Branch Server 4.2:containerd-ctr","SUSE Manager Server 4.1:containerd","SUSE Manager Server 4.2:containerd","SUSE Manager Server 4.2:containerd-ctr"]},"references":[{"category":"external","summary":"CVE-2021-43816","url":"https://www.suse.com/security/cve/CVE-2021-43816"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1194359 for CVE-2021-43816","url":"https://bugzilla.suse.com/1194359"}],"threats":[{"category":"impact","date":"2022-01-05T22:00:06Z","details":"important"}],"title":"CVE-2021-43816"}]}