SB20250521159 - Improper preservation of permissions in containerd CRI plugin
Published: May 21, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Preservation of Permissions (CVE-ID: CVE-2025-47291)
CWE-ID: CWE-281 - Improper preservation of permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the CRI implementation does not put usernamespaced containers under the Kubernetes' cgroup hierarchy, which causes Kubernetes limits not to be honored. A local user or malicious application inside the container can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.