91 matches found
Uncontrolled Resource Consumption
github.com/containerd/containerd is vulnerable to uncontrolled resource consumption. The vulnerability is due to goroutine leaks in the attach mechanism, which allows an attacker to exhaust host memory by repeatedly initiating attach requests...
MGASA-2026-0030 Updated docker-containerd packages fix security vulnerabilities
It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621) It was discovered that containerd did not properly handle the execution of the goroutine of container attach...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : containerd vulnerabilities (USN-7983-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7983-1 advisory. David Leadbeater discovered that containerd incorrectly set certain directory path permissions. A...
Grafana Labs 3.0.0 < 11.6.9+security-01 / 12.0.0 < 12.0.8+security-01 / 12.1.0 < 12.1.5+security-01 / 12.2.0 < 12.2.3+security-01 / 12.3.0 < 12.3.1+security-01 DoS (CVE-2026-21720)
The version of Grafana Labs installed on the remote host is affected by a denial of service vulnerability as referenced in the CVE-2026-21720 advisory. - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue long...
USN-7983-1: containerd vulnerabilities
David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621) It was discovered that containerd did not properly handle the execution of the goroutine of contain...
USN-7983-1 containerd, containerd-app vulnerabilities
David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621) It was discovered that containerd did not properly handle the execution of the goroutine of contain...
SUSE CVE-2026-21720
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
Missing Release of Resource after Effective Lifetime
Overview: github.com/grafana/grafana/pkg/api/avatar is a tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the /avatar/:hash...
CVE-2026-21720
CVE-2026-21720 affects Grafana’s /avatar/:hash handling: each uncached request spawns a goroutine to refresh Gravatar, and if the refresh sits in a 10-slot worker queue longer than three seconds the handler times out, causing the goroutine to block on an unbuffered channel. This can lead to linea...
OESA-2025-2836 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Missing Release of Resource after Effective Lifetime
Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...
Security update for containerd
This update for containerd fixes the following issues: Update to containerd v1.7.29 CVE-2024-25621: Fixed an overly broad default permission vulnerability. bsc1253126 CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. bsc1253132 Patch Instructions: To install...
GO-2025-4108 containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd
containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd...
CVE-2025-64329
A flaw was found in containerd. This vulnerability allows a user to exhaust memory on the host due to goroutine leaks via a bug in the CRI Container Runtime Interface Attach implementation...
SUSE-SU-2025:21057-1 Security update for containerd
This update for containerd fixes the following issues: - CVE-2024-25621: Fixed overly broad default permission vulnerability bsc1253126. - CVE-2025-64329: Fixed goroutine leaks that can lead to memory exhaustion on the host bsc1253132...
SUSE-SU-2025:21042-1 Security update for containerd
This update for containerd fixes the following issues: Update to containerd v1.7.29: - CVE-2024-25621: Fixed overly broad default permission vulnerability bsc1253126. - CVE-2025-64329: Fixed goroutine leaks that could have led to memory exhaustion on the host bsc1253132...
SUSE SLES12 Security Update : containerd (SUSE-SU-2025:4072-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4072-1 advisory. - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. bsc1253126 - CVE-2025-64329: Fixed a...
Security update for containerd
This update for containerd fixes the following issues: Update to containerd v1.7.29 CVE-2024-25621: Fixed an overly broad default permission vulnerability. bsc1253126 CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. bsc1253132 Patch Instructions: To install...
SUSE-SU-2025:4072-1 Security update for containerd
This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. bsc1253126 - CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. bsc1253132...