
Bug 922060 (CVE-2023-6476)

Summary: <app-containers/cri-o-1.29.0: node denial of service
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: zmedico
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description (John Helmert III, 2024-01-13 20:28:39 UTC)

CVE-2023-6476 (https://bugzilla.redhat.com/show_bug.cgi?id=2253994):

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service on the node.

Fixed in 1.27.3 and 1.28.3 according to the changelogs; please bump:

https://github.com/cri-o/cri-o/releases/tag/v1.27.3
https://github.com/cri-o/cri-o/releases/tag/v1.28.3

Comment 2 (Hans de Graaff, 2024-04-22 07:24:29 UTC)

All done. Thanks!