Detections
Analytics

Containerd 2.0.1 < 2.0.5, 2.1.0 DoS

medium Nessus Plugin ID 237290

Language:

Synopsis

The version of containerd installed on the remote host is affected by a vulnerability.

Description

The version of Containerd on the remote host is 2.0.1 prior to 2.0.5. It is, therefore, affected by a vulnerability. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Containerd version 2.0.5, 2.1.0 or later.

See Also

http://www.nessus.org/u?ed4fcb88

Plugin Details

Severity: Medium

ID: 237290

File Name: containerd_2_1_0.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 5/27/2025

Updated: 5/28/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:linuxfoundation:containerd

Patch Publication Date: 5/21/2025

Vulnerability Publication Date: 5/21/2025

Reference Information

CVE: CVE-2025-47291

IAVA: 2025-A-0372