github.com/cri-o/cri-o (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/cri-o/cri-o, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2022-0811 — CVSS 8.8 (high): A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes…
CVE-2024-5154 — CVSS 8.1 (high): A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal…
CVE-2022-4318 — CVSS 7.8 (high): A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted…
CVE-2022-1708 — CVSS 7.5 (high): A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The…
CVE-2024-8676 — CVSS 7.4 (high): A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it…
CVE-2024-3154 — CVSS 7.2 (high): A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an…
CVE-2022-2995 — CVSS 7.1 (high): Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible…
CVE-2025-0750 — CVSS 6.6 (medium): A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow…
CVE-2023-6476 — CVSS 6.5 (medium): A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify…
CVE-2025-4437 — CVSS 5.7 (medium): There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent…
CVE-2023-25173 — CVSS 5.3 (medium): containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary…
CVE-2022-27652 — CVSS 5.3 (medium): A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby…
CVE-2022-0532 — CVSS 4.2 (medium): An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified…