A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
CPE | Name | Operator | Version |
---|---|---|---|
openshift_container_platform | eq | 3.11 | |
openshift_container_platform | eq | 4.13 | |
openshift_container_platform | eq | 4.14 |