CVE-2019-14891
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 25 Nov 2019, 10:31
Last modified:05 Aug 2024, 00:26
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6 MEDIUM
v2.0 (nvd)
EPSS Score
0.32% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Nov 2019, 10:31
Published
Vulnerability first disclosed
05 Aug 2024, 00:26
Last Modified
Vulnerability information updated
Description
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
CVSS Metrics
- v3.1•MEDIUM•Score: 5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
- v3.0•MEDIUM•Score: 5CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
- v2.0•MEDIUM•Score: 6AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.32%• Percentile: 55%
Techniques & Countermeasures
- CWE-754•Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
- CWE-460•Improper Cleanup on Thrown Exception
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
Affected Systems
- fedoraproject•fedora
na
- kubernetes•cri-o
< 1.16.1
- redhat•openshift_container_platform
3.11 | 4.1 | 4.2