
CVE-2025-64329

MEDIUM CVSS 3.1: 5.5 EPSS 0.02%
Updated Dec 31, 2025
Linuxfoundation
Parameter | Value
CVSS | 5.5 (MEDIUM)
Affected Versions | 2.0.0 — 2.1.5
Fixed In | 1.7.29
Type | CWE-401 (Memory Leak)
Vendor | Linuxfoundation
Public PoC | No

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0.

To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.
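
One way to implement the admission-controller workaround, as an added example (not code from containerd or from this page): the decision logic of a validating admission webhook that denies `pods/attach` unless the caller belongs to an allow-listed group. The group name `attach-operators` and the function name `ReviewAttach` are assumptions, and the webhook is assumed to be registered for `CONNECT` operations on `pods/attach`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
)

// attachGroup is a hypothetical group that may still attach; choose your own.
const attachGroup = "attach-operators"

// admissionReview holds the admission.k8s.io/v1 request fields this check reads.
type admissionReview struct {
	Request *struct {
		UID         string `json:"uid"`
		SubResource string `json:"subResource"`
		Resource    struct {
			Group    string `json:"group"`
			Resource string `json:"resource"`
		} `json:"resource"`
		UserInfo struct {
			Groups []string `json:"groups"`
		} `json:"userInfo"`
	} `json:"request"`
}

// ReviewAttach maps an AdmissionReview request body to the response body.
func ReviewAttach(body []byte) ([]byte, error) {
	var in admissionReview
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return nil, fmt.Errorf("malformed AdmissionReview: %v", err)
	}
	r := in.Request
	resp := map[string]any{"uid": r.UID, "allowed": true}
	isAttach := r.Resource.Group == "" && r.Resource.Resource == "pods" && r.SubResource == "attach"
	if isAttach && !slices.Contains(r.UserInfo.Groups, attachGroup) {
		resp["allowed"] = false // deny: caller is outside the allow-listed group
		resp["status"] = map[string]any{"code": 403, "message": "pods/attach requires group " + attachGroup}
	}
	return json.Marshal(map[string]any{
		"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp})
}

func main() {
	// Constructed sample: a CONNECT to pods/attach by a user outside attachGroup.
	req := `{"request":{"uid":"u1","operation":"CONNECT","resource":{"group":"","version":"v1","resource":"pods"},"subResource":"attach","userInfo":{"username":"dev","groups":["system:authenticated"]}}}`
	out, err := ReviewAttach([]byte(req))
	fmt.Println(string(out), err)
}
```

Requests for other resources or subresources are allowed unchanged, so the webhook only narrows who can reach the CRI Attach path.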

Attack Parameters

Attack Vector: Local (local access required)
Attack Complexity: Low (easy to exploit)
Privileges Required: Low (basic privileges required)
User Interaction: None (no user action required)

Impact Assessment

Confidentiality: None (no data leakage)
Integrity: None (no data modification)
Availability: High (complete denial of service)

CVSS Vector v3.1

Vulnerable Products 1

linuxfoundation:containerd

Known Affected Software Configurations 8

Configuration | CPE | From (including) | Up to (excluding)
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:* | - | 1.7.29
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:* | 2.0.0 | 2.0.7
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:* | 2.1.0 | 2.1.5
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta0:*:*:*:*:*:* | - | -
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta1:*:*:*:*:*:* | - | -
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta2:*:*:*:*:*:* | - | -
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc0:*:*:*:*:*:* | - | -
Linuxfoundation Containerd | cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc1:*:*:*:*:*:* | - | -