Permissions, Privileges, and Access Controls in CRI-O

#VU85580 Permissions, Privileges, and Access Controls in CRI-O

Published: 2024-01-18

Vulnerability identifier: #VU85580

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6476

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CRI-O
Web applications / Modules and components for CMS

Vendor: CRI-O

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked access to an experimental annotation. A remote user can use the cgroupv2 and perform a denial of service (DoS) attack by consuming all available memory resources.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CRI-O: 1.27.0 - 1.29.0

External links
http://github.com/cri-o/cri-o/security/advisories/GHSA-p4rx-7wvg-fwrc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Red Hat OpenShift Container Platform 4.13 update for cri-o

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Denial of service in CRI-O