How severe is CVE-2022-31030?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-31030?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2022-31030

MEDIUM Year: 2022

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-400

View all →

Vulnerability Description

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.

CVE-2006-5648

MEDIUM

CVSS:5.5(Medium)

Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create proc...

CWE-4002006

CVE-2006-5649

MEDIUM

CVSS:5.5(Medium)

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspec...

CWE-4002006

CVE-2009-3621

MEDIUM

CVSS:5.5(Medium)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutd...

CWE-4002009

CVE-2011-1474

MEDIUM

CVSS:5.5(Medium)

A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topd...

CWE-4002011

CVE-2011-2906

MEDIUM

CVSS:5.5(Medium)

Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or ...

CWE-4002011

CVE-2011-2918

MEDIUM

CVSS:5.5(Medium)

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of s...

CWE-4002011

CVE-2022-31030

Vulnerability Description

Related Vulnerabilities

CVE-2006-5648

CVE-2006-5649

CVE-2009-3621

CVE-2011-1474

CVE-2011-2906

CVE-2011-2918