CVE-2024-0793
Nil Pointer Dereference vulnerability in kubernetes (Go)
What is CVE-2024-0793 About?
This vulnerability is a nil pointer dereference in the Kubernetes Controller Manager (KCM) when processing a v1 HPA patch request. It can lead to the KCM crashing, causing a denial of service for horizontal pod autoscaling. Exploitation requires specific API interaction but is likely achievable with authenticated access.
Affected Software
Technical Details
The vulnerability manifests as a nil pointer dereference within the Kubernetes Controller Manager (KCM). This occurs specifically after the KCM processes a v1 Horizontal Pod Autoscaler (HPA) patch request. A malformed or specially crafted patch request, possibly related to the HPA's targetRef or metrics, could lead to a situation where a pointer that is expected to hold a valid memory address instead holds a 'nil' value. When the KCM attempts to dereference this 'nil' pointer, the application crashes, leading to a denial of service for the HPA functionality managed by that KCM instance.
What is the Impact of CVE-2024-0793?
Successful exploitation may allow attackers to crash the Kubernetes Controller Manager, leading to a denial of service for horizontal pod autoscaling and potentially impacting the stability and availability of workloads within the cluster.
What is the Exploitability of CVE-2024-0793?
Exploitation is of medium complexity, as it requires crafting specific v1 HPA patch requests that can trigger the nil pointer dereference. The attacker requires authenticated access to the Kubernetes API with permissions to modify (patch) HPA resources. This is a remote vulnerability, as the attacker interacts with the KCM via the API. There are no special conditions beyond the ability to submit specific HPA patch requests. The likelihood of exploitation increases if users have broad write permissions to HPA resources or if an attacker can compromise a legitimate user account.
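Because the precondition described above is permission to patch HPA resources, one defensive check is to list which RBAC roles grant it. The Go program below is an added example, not code from Kubernetes or from this advisory; the function name, the role names and the sample JSON are constructed for illustration, and only the rule-matching logic (verb `patch`, API group `autoscaling`, resource `horizontalpodautoscalers`, with `*` as wildcard) follows RBAC semantics.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// Minimal mirror of RBAC v1 Role/ClusterRole; encoding/json matches keys case-insensitively.
type rule struct{ APIGroups, Resources, Verbs []string }
type role struct {
	Kind     string
	Metadata struct{ Name, Namespace string }
	Rules    []rule
}

// has reports whether list contains want or the RBAC wildcard "*".
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// RolesGrantingHPAPatch lists Kind/[namespace/]name of roles that allow "patch" on HPAs.
func RolesGrantingHPAPatch(listJSON []byte) ([]string, error) {
	var list struct{ Items []role }
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, err
	}
	var out []string
	for _, r := range list.Items {
		for _, ru := range r.Rules {
			if has(ru.Verbs, "patch") && has(ru.APIGroups, "autoscaling") && has(ru.Resources, "horizontalpodautoscalers") {
				out = append(out, path.Join(r.Kind, r.Metadata.Namespace, r.Metadata.Name))
				break // one matching rule is enough to flag the role
			}
		}
	}
	return out, nil
}

// sampleList is constructed for this example (shape of `kubectl get clusterroles,roles -A -o json`).
const sampleList = `{"items":[
{"kind":"ClusterRole","metadata":{"name":"ops-admin"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]},
{"kind":"Role","metadata":{"name":"hpa-tuner","namespace":"shop"},"rules":[{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","patch"]}]},
{"kind":"Role","metadata":{"name":"hpa-viewer","namespace":"shop"},"rules":[{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","list"]}]}]}`
func main() { fmt.Println(RolesGrantingHPAPatch([]byte(sampleList))) }
```

The result names roles, not subjects: the RoleBindings and ClusterRoleBindings that reference each flagged role still have to be reviewed to see who actually holds the permission.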
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-0793?
Available Upgrade Options
- k8s.io/kubernetes
  - <1.27.0-alpha.1 → Upgrade to 1.27.0-alpha.1
Additional Resources
- https://github.com/openshift/kubernetes/pull/1876
- https://osv.dev/vulnerability/GO-2024-3277
- https://access.redhat.com/errata/RHSA-2024:1267
- https://bugzilla.redhat.com/show_bug.cgi?id=2214402
- https://access.redhat.com/errata/RHSA-2024:0741
- https://access.redhat.com/security/cve/CVE-2024-0793
- https://github.com/kubernetes/kubernetes/issues/107038#issuecomment-1911327145
- https://github.com/advisories/GHSA-h7wq-jj8r-qm7p
- https://nvd.nist.gov/vuln/detail/CVE-2024-0793
What are Similar Vulnerabilities to CVE-2024-0793?
Similar Vulnerabilities: CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2020-8566, CVE-2021-25740
