7.5

CVE-2023-6476

Cri-o: pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenshift Container Platform Version4.13
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
RedhatOpenshift Container Platform Version4.14
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.537
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://access.redhat.com/errata/RHSA-2024:0195
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0207
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-6476
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253994
Vendor Advisory
Issue Tracking