AZL-62003

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62003.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-62003

Upstream

CVE-2025-47291

Published

2025-05-21T18:15:52Z

Modified

2026-04-21T04:31:54.091182Z

Summary

CVE-2025-47291 affecting package containerd2 for versions less than 2.0.0-12

Details

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47291

Affected packages

Azure Linux:3 / containerd2

Package

Name: containerd2
Purl: pkg:rpm/azure-linux/containerd2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-12

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62003.json"