USN-4653-1: containerd vulnerability
It was discovered that access controls for the shim’s API socket did not
restrict access to the abstract unix domain socket in some cases. An attacker
could use this vulnerability to run containers with elevated privileges.
Source: USN-4653-1: containerd vulnerability