Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

Back to Search

Red Hat OpenShift: CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

06/07/2022

Created

06/15/2022

Added

06/14/2022

Modified

06/22/2022

Description

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

Solution(s)

linuxrpm-upgrade-conmon
linuxrpm-upgrade-cri-o

References

https://attackerkb.com/topics/cve-2022-1708
CVE - 2022-1708
RHSA-2022:4943
RHSA-2022:4947
RHSA-2022:4951
RHSA-2022:4965
RHSA-2022:4972
RHSA-2022:4999

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api