Description
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.
A flaw was found in containerd. This vulnerability allows a user to exhaust memory on the host due to goroutine leaks via a bug in the CRI (Container Runtime Interface) Attach implementation.
Report
The highest threat of this vulnerability is to system availability. A flaw in containerd's CRI Attach implementation allows a user to exhaust memory on the host due to goroutine leaks, leading to a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | assisted/agent-preinstall-image-builder-rhel9 | Affected | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-agent-rhel9 | Affected | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Affected | ||
| Compliance Operator | compliance/openshift-compliance-must-gather-rhel8 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-must-gather-rhel9 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-operator-bundle | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-builder-rhel9 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-payload-rhel9 | Affected | ||
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
containerd CRI server: Host memory exhaustion through Attach goroutine leak
containerd is an open-source container runtime. Versions 1.7.28 and be ...