PT-2024-15825 · Unknown+1 · Kube-Controller-Manager+1

Anten Skrabec

Published

2024-04-08

Updated

2025-08-13

CVE-2024-0793

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions kube-controller-manager (affected versions not specified)

Description A flaw was found in kube-controller-manager, causing a denial of service due to KCM pods going into restart churn when the initial application of a HPA config YAML lacks a .spec.behavior.scaleUp block.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

CVE-2024-0793

ECHO-B84C-8C92-136E

GHSA-H7WQ-JJ8R-QM7P

GO-2024-3277

OPENSUSE-SU-2024:13715-1

OPENSUSE-SU-2024:13716-1

OPENSUSE-SU-2024:13717-1

OPENSUSE-SU-2024:13718-1

OPENSUSE-SU-2024:14513-1

OPENSUSE-SU-2024_1163-1

OPENSUSE-SU-2024_1164-1

OPENSUSE-SU-2024_1166-1

OPENSUSE-SU-2024_3341-1

OPENSUSE-SU-2024_3343-1

RHSA-2024:1267

SUSE-SU-2024:1163-1

SUSE-SU-2024:1164-1

SUSE-SU-2024:1165-1

SUSE-SU-2024:1166-1

SUSE-SU-2024:1166-2

SUSE-SU-2024:3341-1

SUSE-SU-2024:3343-1

SUSE-SU-2024_1163-1

SUSE-SU-2024_1164-1

SUSE-SU-2024_1165-1

SUSE-SU-2024_1166-1

SUSE-SU-2024_1166-2

SUSE-SU-2025:02423-1

SUSE-SU-2025:02423-2

SUSE-SU-2025_02423-2

Affected Products

Suse

Kube-Controller-Manager

PT-2024-15825 · Unknown+1 · Kube-Controller-Manager+1

CVE-2024-0793

Weakness Enumeration

Related Identifiers

Affected Products

References · 74