Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-25
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
| Products | Fedora, Cri\-O, Openshift_container_platform |
| Type | Improper Check for Unusual or Exceptional Conditions (CWE-754) |
| First patch | - None (likely due to unavailable code) |
| Links | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891 |