Wind River Support Network

HomeDefectsLIN1019-3668
Not to be fixed

LIN1019-3668 : Security Advisory - cri-o - CVE-2019-14891

Created: Dec 1, 2019    Updated: Apr 22, 2022
Resolved Date: Jul 23, 2020
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

CREATE(Triage):(User=admin) CVE-2019-14891 (https://nvd.nist.gov/vuln/detail/CVE-2019-14891)

CVEs


Live chat
Online