A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2024-0390 | A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node. |
![]() |
GHSA-p4rx-7wvg-fwrc | CRI-O's pods can break out of resource confinement on cgroupv2 |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 17 Jun 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-10-09T23:57:36.626Z
Reserved: 2023-12-04T06:23:22.231Z
Link: CVE-2023-6476

Updated: 2024-08-02T08:28:21.863Z

Status : Modified
Published: 2024-01-09T22:15:43.610
Modified: 2024-11-21T08:43:55.687
Link: CVE-2023-6476


No data.