kubernetes cri-o CVE-2019-14891 vulnerability in Kubernetes and Other Products
Published on November 25, 2019

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on a cri-o host.

NVD

Weakness Type

Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.



Exploit Probability

EPSS: 0.32%
Percentile: 54.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.