A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubernetes cri-o |
||
fedoraproject fedora - |
||
redhat openshift container platform 3.11 |
||
redhat openshift container platform 4.1 |
||
redhat openshift container platform 4.2 |