vulnerability
Amazon Linux AMI 2: CVE-2021-21284: Security patch for docker (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:L/Au:S/C:N/I:P/A:N) | Feb 2, 2021 | Jul 4, 2022 | May 20, 2026 |
Severity
3
CVSS
(AV:A/AC:L/Au:S/C:N/I:P/A:N)
Published
Feb 2, 2021
Added
Jul 4, 2022
Modified
May 20, 2026
Description
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
Solutions
amazon-linux-ami-2-upgrade-dockeramazon-linux-ami-2-upgrade-docker-debuginfo
References
- AMAZON-AL2/ALAS2DOCKER-2021-001
- AMAZON-AL2/ALAS2ECS-2023-015
- AMAZON-AL2/ALAS2NITRO-ENCLAVES-2021-001
- AMAZON-AL2/ALASDOCKER-2021-001
- AMAZON-AL2/ALASECS-2023-015
- AMAZON-AL2/ALASNITRO-ENCLAVES-2021-001
- CVE-2021-21284
- https://attackerkb.com/topics/CVE-2021-21284
- CWE-22
- EUVD-EUVD-2024-0280
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-0280
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.