CVE-2019-14891

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "3.11"
                },
                {
                    "last_affected": "4.1"
                },
                {
                    "last_affected": "4.2"
                }
            ],
            "vendor_product": "redhat:openshift_container_platform"
        }
    ]
}

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891

Affected packages

Git / github.com/cri-o/cri-o

Affected ranges

Type

GIT

Repo

https://github.com/cri-o/cri-o

Events

Introduced

Fixed

bf8fcf34c942ba973a4f694094b46f914c779c0a

Database specific

{
    "cpe": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.16.1"
        }
    ]
}

Affected versions

v0.*

v0.0.0

v0.1

v0.2

v0.3

v1.*

v1.0.0-alpha.0

v1.0.0-beta.0

v1.0.0-rc1

v1.16.0

v1.9.0-beta.1

v1.9.0-beta.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14891.json"