CVE-2023-6476
Published 2024-01-09
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service on the node.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cri-o_cri-o | >= 0 < 1.27.3 | 1.27.3 |
| github.com | cri-o_cri-o | >= 1.28.0 < 1.28.3 | 1.28.3 |
| github.com | cri-o_cri-o | >= 1.29.0 < 1.29.1 | 1.29.1 |
| msrc | cbl2_cri-o_1.22.3-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cri-o_1.22.3-14_on_cbl_mariner_2.0 | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |