CVE-2019-14891
25.11.2019, 11:15
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.Enginsight
| Vendor | Product | Version |
|---|---|---|
| kubernetes | cri-o | 𝑥 < 1.16.1 |
| fedoraproject | fedora | - |
| redhat | openshift_container_platform | 3.11 |
| redhat | openshift_container_platform | 4.1 |
| redhat | openshift_container_platform | 4.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-460 - Improper Cleanup on Thrown ExceptionThe product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
- CWE-754 - Improper Check for Unusual or Exceptional ConditionsThe software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.