CVE-2022-31030

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31030
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2022/06/07/1 Mailing List Third Party Advisory
https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382 Product Third Party Advisory
https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/
https://security.gentoo.org/glsa/202401-31
https://www.debian.org/security/2022/dsa-5162 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
History

31 Jan 2024, 13:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-31 -

07 Nov 2023, 03:47

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/', 'name': 'FEDORA-2022-725ac93b48', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/', 'name': 'FEDORA-2022-1da581ac6d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/ -

29 Nov 2022, 16:40

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/ - Mailing List, Third Party Advisory
First Time Fedoraproject
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

16 Jun 2022, 04:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 2.1
v3 : 5.5
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/ -
References (DEBIAN) https://www.debian.org/security/2022/dsa-5162 - (DEBIAN) https://www.debian.org/security/2022/dsa-5162 - Third Party Advisory
References (CONFIRM) https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf - (CONFIRM) https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf - Third Party Advisory
References (MISC) https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382 - (MISC) https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382 - Product, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/06/07/1 - (MLIST) http://www.openwall.com/lists/oss-security/2022/06/07/1 - Mailing List, Third Party Advisory
First Time Linuxfoundation containerd
Linuxfoundation
Debian
Debian debian Linux
CPE cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

13 Jun 2022, 11:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5162 -

09 Jun 2022, 15:09

Type Values Removed Values Added
New CVE
Information

Published : 2022-06-09 14:15

Updated : 2024-01-31 13:15

NVD link : CVE-2022-31030

Mitre link : CVE-2022-31030

CVE.ORG link : CVE-2022-31030

JSON object : View

Products Affected

fedoraproject

  • fedora

debian

  • debian_linux

linuxfoundation

  • containerd
CWE
CWE-400

Uncontrolled Resource Consumption