A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-25T10:31:17

Updated: 2024-08-05T00:26:39.148Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14891

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-25T11:15:11.430

Modified: 2024-11-21T04:27:37.410

Link: CVE-2019-14891

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-11-07T00:00:00Z

Links: CVE-2019-14891 - Bugzilla