Moderate severityNVD Advisory· Published Jun 27, 2022· Updated Apr 23, 2025
Malicious response from KubeEdge can crash CSI Driver controller server
CVE-2022-31077
Description
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/kubeedge/kubeedgeGo | >= 1.10.0, < 1.10.1 | 1.10.1 |
github.com/kubeedge/kubeedgeGo | < 1.9.3 | 1.9.3 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-x938-fvfw-7jh5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31077ghsaADVISORY
- github.com/kubeedge/kubeedge/pull/3899ghsax_refsource_MISCWEB
- github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701ghsax_refsource_MISCWEB
- github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.