USN-5100-1: containerd vulnerability
It was discovered that containerd insufficiently restricted permissions on
container root and plugin directories. If a user or automated system were
tricked into launching a specially crafted container image, a remote
attacker could traverse directory contents and modify files and execute
programs on the host filesystem, possibly leading to privilege escalation.
Source: USN-5100-1: containerd vulnerability