CVE-2019-14891

Description

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Related CPE's

akubernetescri-o********

ofedoraprojectfedora-*******

aredhatopenshift_container_platform3.11*******

aredhatopenshift_container_platform4.1*******

aredhatopenshift_container_platform4.2*******

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891

Issue TrackingThird Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AttackVector

NETWORK

AttackComplexity

HIGH

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

LOW

IntegrityImpact

LOW

AvailabilityImpact

LOW

BaseScore

5

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:S/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

SINGLE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

6

Created by Yello
About Severity.io