Vulnerabilities > CVE-2019-14891 - Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

NVD

Published: 2019-11-25

Updated: 2020-02-28

Summary

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Vulnerable Configurations

Part	Description	Count
Application	Kubernetes Kubernetes CRI O 0.0.0 Kubernetes CRI O 0.1 Kubernetes CRI O 0.2 Kubernetes CRI O 0.3 Kubernetes CRI O 1.0.0 Kubernetes CRI O 1.0.1 Kubernetes CRI O 1.0.2 Kubernetes CRI O 1.0.3 Kubernetes CRI O 1.0.4 Kubernetes CRI O 1.0.5 Kubernetes CRI O 1.0.6 Kubernetes CRI O 1.0.7 Kubernetes CRI O 1.0.8 Kubernetes CRI O 1.0.9 Kubernetes CRI O 1.8.0 Kubernetes CRI O 1.8.1 Kubernetes CRI O 1.8.2 Kubernetes CRI O 1.8.3 Kubernetes CRI O 1.8.4 Kubernetes CRI O 1.8.5 Kubernetes CRI O 1.9.0 Kubernetes CRI O 1.9.1 Kubernetes CRI O 1.9.2 Kubernetes CRI O 1.9.3 Kubernetes CRI O 1.9.4 Kubernetes CRI O 1.9.5 Kubernetes CRI O 1.9.6 Kubernetes CRI O 1.9.7 Kubernetes CRI O 1.9.8 Kubernetes CRI O 1.9.9 Kubernetes CRI O 1.9.10 Kubernetes CRI O 1.9.11 Kubernetes CRI O 1.9.12 Kubernetes CRI O 1.9.13 Kubernetes CRI O 1.9.14 Kubernetes CRI O 1.9.15 Kubernetes CRI O 1.9.16 Kubernetes CRI O 1.10.0 Kubernetes CRI O 1.10.1 Kubernetes CRI O 1.10.2 Kubernetes CRI O 1.10.3 Kubernetes CRI O 1.10.4 Kubernetes CRI O 1.10.5 Kubernetes CRI O 1.10.6 Kubernetes CRI O 1.11.0 Kubernetes CRI O 1.11.1 Kubernetes CRI O 1.11.2 Kubernetes CRI O 1.11.3 Kubernetes CRI O 1.11.4 Kubernetes CRI O 1.11.5 Kubernetes CRI O 1.11.6 Kubernetes CRI O 1.11.7 Kubernetes CRI O 1.11.8 Kubernetes CRI O 1.11.9 Kubernetes CRI O 1.11.10 Kubernetes CRI O 1.11.11 Kubernetes CRI O 1.11.12 Kubernetes CRI O 1.11.13 Kubernetes CRI O 1.11.14 Kubernetes CRI O 1.11.15 Kubernetes CRI O 1.12.0 Kubernetes CRI O 1.12.1 Kubernetes CRI O 1.12.2 Kubernetes CRI O 1.12.3 Kubernetes CRI O 1.12.4 Kubernetes CRI O 1.12.5 Kubernetes CRI O 1.12.6 Kubernetes CRI O 1.12.7 Kubernetes CRI O 1.12.8 Kubernetes CRI O 1.12.9 Kubernetes CRI O 1.12.10 Kubernetes CRI O 1.13.0 Kubernetes CRI O 1.13.1 Kubernetes CRI O 1.13.2 Kubernetes CRI O 1.13.3 Kubernetes CRI O 1.13.4 Kubernetes CRI O 1.13.5 Kubernetes CRI O 1.13.6 Kubernetes CRI O 1.13.7 Kubernetes CRI O 1.13.8 Kubernetes CRI O 1.13.9 Kubernetes CRI O 1.13.10 Kubernetes CRI O 1.14.0 Kubernetes CRI O 1.14.1 Kubernetes CRI O 1.14.2 Kubernetes CRI O 1.14.3 Kubernetes CRI O 1.14.4 Kubernetes CRI O 1.14.5 Kubernetes CRI O 1.14.6 Kubernetes CRI O 1.14.7 Kubernetes CRI O 1.14.8 Kubernetes CRI O 1.14.9 Kubernetes CRI O 1.14.10 Kubernetes CRI O 1.14.11 Kubernetes CRI O 1.15.0 Kubernetes CRI O 1.15.1 Kubernetes CRI O 1.15.2 Kubernetes CRI O 1.16.0	108
Application	Redhat Redhat Openshift Container Platform 3.11 Redhat Openshift Container Platform 4.1 Redhat Openshift Container Platform 4.2	3
OS	Fedoraproject Fedoraproject Fedora -	1

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891