Wind River Support Network

HomeDefectsLIN1024-13158
Acknowledged

LIN1024-13158 : Security Advisory - containerd-opencontainers - CVE-2025-64329

Created: Nov 9, 2025    Updated: Nov 25, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace

Description

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube