Dongha Kim

Name of the Vulnerable Software and Affected Versions: CRI-O (affected versions not specified) Description: CRI-O is susceptible to a denial-of-service issue. When a container is launched with `securityContext.runAsUser` set to a non-existent user, CRI-O attempts to create the user by reading the entire `/etc/passwd` file into memory. If the `/etc/passwd` file is excessively large, this can lead to high memory consumption, potentially causing applications to be terminated due to out-of-memory conditions. This may disrupt other pods and services running on the same host. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CRI-O (affected versions not specified) **Description** A path traversal issue in the log management functions, specifically `UnMountPodLogs` and `LinkContainerLogs`, may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths. This could lead to node-level denial of service by unmounting critical system directories. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.