Bug 1206235 (CVE-2022-23471) - VUL-0: CVE-2022-23471: containerd, kubernetes, kubernetes1.18, kubernetes1.23: host memory exhaustion through Terminal resize goroutine leak
Summary: VUL-0: CVE-2022-23471: containerd, kubernetes, kubernetes1.18, kubernetes1.23...
Status: RESOLVED FIXED
Alias: CVE-2022-23471
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Containers Team
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/350053/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-23471:6.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-08 15:06 UTC by Thomas Leroy
Modified: 2023-03-28 12:30 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Leroy 2022-12-08 15:06:18 UTC
CVE-2022-23471

containerd is an open source container runtime. A bug was found in containerd's
CRI implementation where a user can exhaust memory on the host. In the CRI
stream server, a goroutine is launched to handle terminal resize events if a TTY
is requested. If the user's process fails to launch due to, for example, a
faulty command, the goroutine will be stuck waiting to send without a receiver,
resulting in a memory leak. Kubernetes and crictl can both be configured to use
containerd's CRI implementation and the stream server is used for handling
container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users
should update to these versions to resolve the issue. Users unable to upgrade
should ensure that only trusted images and commands are used and that only
trusted users have permissions to execute commands in running containers.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23471
https://www.cve.org/CVERecord?id=CVE-2022-23471
https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
http://www.cvedetails.com/cve/CVE-2022-23471/
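The leak described in the advisory text above, as an added Go illustration written for this page; it is not containerd's, Kubernetes' or crictl's code. The TerminalSize type and the function names are hypothetical stand-ins. leakyResizeLoop reproduces the failure mode (a resize-event handler doing a plain blocking send on a channel that nobody drains because the exec process never started), and fixedResizeLoop shows the standard Go remedy of racing that send against the request context so the handler exits when the request ends. The resize event in the simulation is constructed inline.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"runtime"
	"strings"
	"time"
)

// TerminalSize is a minimal stand-in for the resize event a CRI stream server
// decodes from the client's resize stream (hypothetical, not containerd's type).
type TerminalSize struct {
	Width  uint16
	Height uint16
}

// leakyResizeLoop models the pre-fix behaviour: every decoded event is pushed
// onto an unbuffered channel with a plain blocking send. If the exec process
// never starts, nothing ever receives from ch and this goroutine blocks forever,
// pinning its stack and the decoder for the lifetime of the daemon.
func leakyResizeLoop(stream io.Reader, ch chan<- TerminalSize) {
	defer close(ch)
	dec := json.NewDecoder(stream)
	for {
		var size TerminalSize
		if err := dec.Decode(&size); err != nil {
			return // client closed the resize stream
		}
		ch <- size // blocks indefinitely when no receiver exists
	}
}

// fixedResizeLoop models the remedy: the send is raced against the request
// context, so the goroutine exits as soon as the request is over, whether or
// not a receiver was ever started for ch.
func fixedResizeLoop(ctx context.Context, stream io.Reader, ch chan<- TerminalSize) {
	defer close(ch)
	dec := json.NewDecoder(stream)
	for {
		var size TerminalSize
		if err := dec.Decode(&size); err != nil {
			return
		}
		select {
		case ch <- size:
		case <-ctx.Done():
			return // request finished and nobody will drain ch: exit instead of leaking
		}
	}
}

// simulateFailedExecs runs n TTY exec requests whose process launch fails, so
// the resize channel is never drained, and reports how many resize-handler
// goroutines are still alive after every request has finished.
func simulateFailedExecs(n int, fixed bool) int {
	before := runtime.NumGoroutine()
	for i := 0; i < n; i++ {
		ctx, cancel := context.WithCancel(context.Background())
		// Constructed resize event, as a client sends after opening a TTY exec.
		stream := strings.NewReader(`{"Width":80,"Height":24}`)
		ch := make(chan TerminalSize)
		if fixed {
			go fixedResizeLoop(ctx, stream, ch)
		} else {
			go leakyResizeLoop(stream, ch)
		}
		// The process launch fails here (e.g. a bad command), so no goroutine is
		// ever started to receive from ch; the request then ends.
		cancel()
	}
	time.Sleep(200 * time.Millisecond) // let handlers either block for good or exit
	return runtime.NumGoroutine() - before
}

func main() {
	fmt.Printf("leaked goroutines, pre-fix pattern: %d\n", simulateFailedExecs(100, false))
	fmt.Printf("leaked goroutines, fixed pattern:   %d\n", simulateFailedExecs(100, true))
}
```

Every failed TTY exec leaves exactly one handler goroutine behind in the pre-fix pattern, which is why an unprivileged user who can run `kubectl exec -t` with a bad command can grow the daemon's memory without bound; the context-aware variant leaves none. The same check (goroutine count before and after a burst of failing execs) is a cheap regression test for any stream server that forwards resize events over a channel.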
Comment 1 Thomas Leroy 2022-12-08 15:07:14 UTC
Affected:
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
Comment 2 Thomas Leroy 2022-12-08 16:28:24 UTC
Kubernetes appears to ship the same code. As far as I understand, containerd vendors this k8s package, but not in the "vendor" directory. It's not clear.

The fix is not in k8s repo yet.

Those are kubernetes affected packages:
- SUSE:SLE-15-SP1:Update:Products:CASP40:Update/kubernetes
- SUSE:SLE-15-SP2:Update/kubernetes1.18
- SUSE:SLE-15-SP3:Update/kubernetes1.23
Comment 3 Swamp Workflow Management 2022-12-12 14:19:33 UTC
SUSE-SU-2022:4409-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1197284,1206065,1206235
CVE References: CVE-2022-23471,CVE-2022-27191
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.6.12-16.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2022-12-13 20:24:16 UTC
SUSE-SU-2022:4463-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1197284,1206065,1206235
CVE References: CVE-2022-23471,CVE-2022-27191
JIRA References: 
Sources used:
openSUSE Leap Micro 5.3 (src):    containerd-1.6.12-150000.79.1
openSUSE Leap Micro 5.2 (src):    containerd-1.6.12-150000.79.1
openSUSE Leap 15.4 (src):    containerd-1.6.12-150000.79.1
openSUSE Leap 15.3 (src):    containerd-1.6.12-150000.79.1
SUSE Manager Server 4.1 (src):    containerd-1.6.12-150000.79.1
SUSE Manager Retail Branch Server 4.1 (src):    containerd-1.6.12-150000.79.1
SUSE Manager Proxy 4.1 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server for SAP 15 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Server 15-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Module for Containers 15-SP4 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Module for Containers 15-SP3 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Micro 5.3 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Micro 5.2 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise Micro 5.1 (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    containerd-1.6.12-150000.79.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    containerd-1.6.12-150000.79.1
SUSE Enterprise Storage 7 (src):    containerd-1.6.12-150000.79.1
SUSE Enterprise Storage 6 (src):    containerd-1.6.12-150000.79.1
SUSE CaaS Platform 4.0 (src):    containerd-1.6.12-150000.79.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Maintenance Automation 2023-03-24 12:30:04 UTC
SUSE-SU-2023:1566-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1206235
CVE References: CVE-2022-23471
Sources used:
Containers Module 12 (src): containerd-1.6.16-16.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2023-03-28 12:30:21 UTC
SUSE-SU-2023:1628-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1206235
CVE References: CVE-2022-23471
Sources used:
openSUSE Leap Micro 5.3 (src): containerd-1.6.16-150000.82.2
openSUSE Leap 15.4 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Micro 5.3 (src): containerd-1.6.16-150000.82.2
Containers Module 15-SP4 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): containerd-1.6.16-150000.82.2
SUSE Enterprise Storage 7.1 (src): containerd-1.6.16-150000.82.2
SUSE Enterprise Storage 7 (src): containerd-1.6.16-150000.82.2
SUSE CaaS Platform 4.0 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Micro 5.1 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Micro 5.2 (src): containerd-1.6.16-150000.82.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): containerd-1.6.16-150000.82.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.