Nixpkgs Security Tracker

Suggestions search

With package: cri-o-unwrapped

Found 2 matching suggestions

Untriaged
created 4 months, 3 weeks ago
Cri-o: arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

Affected products

cri-o
  • ==1.30.0
  • ==1.29.3
  • ==1.29.4
  • ==1.28.5
  • ==1.27.5
  • ==1.28.6
  • ==1.27.6
  • *

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers

Untriaged
created 4 months, 3 weeks ago
Cri-o: pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service on the node.

Affected products

cri-o
  • *
kernel
cri-o:1.21/cri-o

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers