Описание
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.
A flaw was found in the Kubernetes snapshot-controller, where it is vulnerable to a denial of service attack via authorized API requests. The snapshot-controller can dereference a NULL pointer when processing a VolumeSnapshot custom resource via an authorized API request with invalid references to PersistentVolumeClaims and VolumeSnapshotClasses. The result causes the snapshot-controller to enter an endless crash loop. The highest threat from this vulnerability is to system availability.
Отчет
This vulnerability only affects versions v3.0.0 - v3.0.1 of the upstream snapshot-controller. No released component of OpenShift Container Platform (OCP) includes a vulnerable version. The first release of OCP 4.6 included v3 of a snapshot-controller with this fix, earlier versions of OCP include v2, which is not affected by this vulnerability. Similarly, no components of OpenShift Virtualization include a vulnerable version.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift4/ose-csi-external-snapshotter-rhel9 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-csi-snapshot-controller-rhel9 | Not affected | ||
| Red Hat OpenShift Virtualization 2 | hyperconverged-cluster-operator | Not affected | ||
| Red Hat OpenShift Virtualization 2 | virt-cdi-controller | Not affected | ||
| Red Hat OpenShift Virtualization 2 | virt-controller | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
EPSS
5.3 Medium
CVSS3