Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2023-6476: cri-o: Pods are able to break out of resource confinement on cgroupv2

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat OpenShift: CVE-2023-6476: cri-o: Pods are able to break out of resource confinement on cgroupv2

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

01/09/2024

Created

01/19/2024

Added

01/18/2024

Modified

01/22/2024

Description

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

Solution(s)

linuxrpm-upgrade-cri-o

References

https://attackerkb.com/topics/cve-2023-6476
CVE - 2023-6476
RHSA-2024:0195
RHSA-2024:0207

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2023-6476: cri-o: Pods are able to break out of resource confinement on cgroupv2

Red Hat OpenShift: CVE-2023-6476: cri-o: Pods are able to break out of resource confinement on cgroupv2

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.