Vulnerability Database
Blog
FAQ
Docs
GO-2024-2458
See a problem?
Please try reporting it
to the source
first.
Source
https://pkg.go.dev/vuln/GO-2024-2458
Import Source
https://vuln.go.dev/ID/GO-2024-2458.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2458
Aliases
CVE-2023-6476
GHSA-p4rx-7wvg-fwrc
Published
2024-06-28T15:28:53Z
Modified
2024-06-28T15:59:54.674723Z
Summary
CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o
Details
CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o
References
https://github.com/cri-o/cri-o/security/advisories/GHSA-p4rx-7wvg-fwrc
https://nvd.nist.gov/vuln/detail/CVE-2023-6476
https://github.com/cri-o/cri-o/commit/75effcb1a25851a736e82dba1f7d8cee93ee159e
https://github.com/cri-o/cri-o/pull/4479
https://access.redhat.com/errata/RHSA-2024:0195
https://access.redhat.com/errata/RHSA-2024:0207
https://access.redhat.com/security/cve/CVE-2023-6476
https://bugzilla.redhat.com/show_bug.cgi?id=2253994
https://github.com/cri-o/cri-o/blob/main/pkg/config/workloads.go#L103-L107
Affected packages
Go
/
github.com/cri-o/cri-o
Package
Name
github.com/cri-o/cri-o
View open source insights on deps.dev
Purl
pkg:golang/github.com/cri-o/cri-o
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.27.3
Introduced
1.28.0
Fixed
1.28.3
Introduced
1.29.0
Fixed
1.29.1
GO-2024-2458 - OSV