Untriaged
CVE-2023-6476
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
CRI-O: pods are able to break out of resource confinement on cgroupv2
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service on the node.
References
- https://access.redhat.com/security/cve/CVE-2023-6476 x_refsource_REDHAT vdb-entry
- RHBZ#2253994 issue-tracking x_refsource_REDHAT
- RHSA-2024:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2024:0207 x_refsource_REDHAT vendor-advisory
Affected products
cri-o
- *
kernel
cri-o:1.21/cri-o
Matching in nixpkgs
pkgs.cri-o
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
- nixos-unstable -
- nixpkgs-unstable 1.34.0
pkgs.cri-o-unwrapped
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
- nixos-unstable -
- nixpkgs-unstable 1.34.0
Package maintainers
- @saschagrunert Sascha Grunert <mail@saschagrunert.de>
- @vdemeester Vincent Demeester <vincent@sbr.pm>