Unknown · Kubernetes Containerd · CVE-2025-47291
**Name of the Vulnerable Software and Affected Versions**
containerd versions 2.0.1 through 2.0.4
**Description**
A bug was found in containerd's CRI implementation: it does not place user-namespaced containers under the Kubernetes cgroup hierarchy, so some Kubernetes limits are not honored. This may lead to a denial of service of the Kubernetes node.
**Recommendations**
For containerd versions 2.0.1 through 2.0.4, update to version 2.0.5 or later, or 2.1.0 or later, to resolve the issue.
As a temporary workaround, consider disabling user-namespaced pods in Kubernetes until the issue is resolved.
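To find where the update or the workaround applies, the following added example (not code from the advisory or the containerd project) flags nodes whose reported runtime falls in the affected range and lists the user-namespaced pods scheduled on them. It assumes the node's `containerRuntimeVersion` has the form `containerd://X.Y.Z` and that pods opt in to user namespaces with `spec.hostUsers: false`; the function names and sample data are constructed for illustration.

```python
import json
import re

# Affected range from the advisory: containerd 2.0.1 through 2.0.4.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 1), (2, 0, 4)

def parse_runtime(runtime):
    """'containerd://2.0.3' -> (2, 0, 3); None for any other runtime string.
    Assumption: a build suffix such as '-1' or '+distro' is ignored."""
    m = re.fullmatch(r"containerd://v?(\d+)\.(\d+)\.(\d+)([-+~].*)?", runtime or "")
    return tuple(int(part) for part in m.group(1, 2, 3)) if m else None

def is_affected(runtime):
    version = parse_runtime(runtime)
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def exposed_pods(nodes_json, pods_json):
    """Map each affected node to the pods on it that request a user
    namespace (spec.hostUsers set to false)."""
    report = {}
    for node in json.loads(nodes_json)["items"]:
        if is_affected(node["status"]["nodeInfo"]["containerRuntimeVersion"]):
            report[node["metadata"]["name"]] = []
    for pod in json.loads(pods_json)["items"]:
        spec, meta = pod["spec"], pod["metadata"]
        if spec.get("nodeName") in report and spec.get("hostUsers") is False:
            report[spec["nodeName"]].append(f'{meta["namespace"]}/{meta["name"]}')
    return report

# Constructed sample data (not real cluster output).
def _node(name, runtime):
    return {"metadata": {"name": name},
            "status": {"nodeInfo": {"containerRuntimeVersion": runtime}}}

def _pod(name, node, **spec):
    return {"metadata": {"namespace": "default", "name": name},
            "spec": {"nodeName": node, **spec}}

SAMPLE_NODES = json.dumps({"items": [
    _node("node-a", "containerd://2.0.3"), _node("node-b", "containerd://2.0.5"),
    _node("node-c", "containerd://1.7.27"), _node("node-d", "cri-o://1.32.0")]})
SAMPLE_PODS = json.dumps({"items": [
    _pod("userns-job", "node-a", hostUsers=False), _pod("web", "node-a"),
    _pod("userns-api", "node-b", hostUsers=False)]})

if __name__ == "__main__":
    print(exposed_pods(SAMPLE_NODES, SAMPLE_PODS))
```

On a live cluster, pass the output of `kubectl get nodes -o json` and `kubectl get pods -A -o json` in place of the sample strings.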