CVE-2022-31030 — Uncontrolled Resource Consumption in Containerd
Severity
NVD: 5.5 (Medium)
OSV: 6.5
EPSS: 0.2% (top 63.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 9
Latest update: Aug 21
Description
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when …
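The failure mode the description points at is output from an exec'd container process being accumulated in the daemon's memory with no upper bound, so the process inside the container controls how much host memory the runtime uses. The Go program below is an added illustration written for this page, not containerd's own code: it contrasts an unbounded capture with a size-limited writer that keeps a fixed prefix of the output and counts what it discarded. The type and function names, the 4096-byte cap and the generated "spam" stream standing in for a chatty container command are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// limitedWriter keeps at most max bytes of whatever is written through it and
// counts what it had to discard. Illustrative type written for this page; it
// is not a type from containerd.
type limitedWriter struct {
	buf       bytes.Buffer
	max       int
	truncated int64
}

// Write stores up to the remaining capacity and drops the rest. It reports the
// full length as written so the producing process runs to completion instead
// of blocking on a full pipe; the caller reads truncated to learn output was cut.
func (w *limitedWriter) Write(p []byte) (int, error) {
	n := len(p)
	room := w.max - w.buf.Len()
	if room < 0 {
		room = 0
	}
	if n > room {
		w.truncated += int64(n - room)
		p = p[:room]
	}
	w.buf.Write(p) // bytes.Buffer.Write never returns a non-nil error
	return n, nil
}

// captureUnbounded mirrors the vulnerable pattern: every byte the process
// emits is copied into the daemon's heap, so memory use is attacker-controlled.
func captureUnbounded(stdout io.Reader) ([]byte, error) {
	var buf bytes.Buffer
	_, err := io.Copy(&buf, stdout)
	return buf.Bytes(), err
}

// captureBounded keeps at most limit bytes in memory, drains the rest of the
// stream, and reports how many bytes were discarded.
func captureBounded(stdout io.Reader, limit int) ([]byte, int64, error) {
	w := &limitedWriter{max: limit}
	_, err := io.Copy(w, stdout)
	return w.buf.Bytes(), w.truncated, err
}

// noisyProcess stands in for a container command that prints far more than a
// probe needs. Constructed sample input, not real container output.
func noisyProcess(lines int) io.Reader {
	return strings.NewReader(strings.Repeat("spam\n", lines))
}

func main() {
	const lines = 100000 // 500,000 bytes of output
	out, _ := captureUnbounded(noisyProcess(lines))
	fmt.Printf("unbounded capture held %d bytes in memory\n", len(out))
	kept, dropped, _ := captureBounded(noisyProcess(lines), 4096)
	fmt.Printf("bounded capture held %d bytes, discarded %d\n", len(kept), dropped)
}
```

The point of the bounded variant is that the daemon's memory cost per `ExecSync` call is fixed by the runtime, not by whatever runs inside the container. From the operator side the same reasoning applies in reverse: an exec-based probe or `crictl exec --sync` command that can emit large output is a way for a compromised workload to reach this code path, so keep probe commands terse and run a containerd release that the linked advisory lists as fixed.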
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Reading the vector: the attacker runs locally with low privileges (a process inside a container is enough), no user interaction is needed, scope is unchanged, and the only impact is availability, which is rated high because the host runs out of memory.
Affected Packages (5 packages)
Also affects: Debian Linux 11.0, Fedora 35, 36
Vulnerability Details
OSV: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd (updated 2024-08-21)