x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2025-47291 #3701
Assignees
Labels
Comments
|
Change https://go.dev/cl/675635 mentions this issue: |
|
Change https://go.dev/cl/676575 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
May 27, 2025
Updates #3701 Updates #3711 Change-Id: Idd3f429e364923cb71db454a7045bd3bdd43e4b6 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/676575 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Neal Patel <nealpatel@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Advisory CVE-2025-47291 references a vulnerability in the following Go modules:
Description:
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: