CVEs in v1.35.1

[mounchin]

Can you help address the CVEs reported below.

trivy image --severity LOW,MEDIUM,HIGH,CRITICAL --ignore-unfixed --exit-code 3 --exit-on-eol 7 --scanners vuln registry.k8s.io/node-problem-detector/node-problem-detector:v1.35.1

registry.k8s.io/node-problem-detector/node-problem-detector:v1.35.1 (debian 12.12)

Total: 9 (LOW: 0, MEDIUM: 4, HIGH: 5, CRITICAL: 0)

┌────────────────────┬────────────────┬──────────┬────────┬────────────────────┬────────────────────┬──────────────────────────────────────────────────────────────┐
│      Library       │ Vulnerability  │ Severity │ Status │ Installed Version  │   Fixed Version    │                            Title                             │
├────────────────────┼────────────────┼──────────┼────────┼────────────────────┼────────────────────┼──────────────────────────────────────────────────────────────┤
│ gpgv               │ CVE-2025-68973 │ HIGH     │ fixed  │ 2.2.40-1.1+deb12u1 │ 2.2.40-1.1+deb12u2 │ GnuPG: GnuPG: Information disclosure and potential arbitrary │
│                    │                │          │        │                    │                    │ code execution via out-of-bounds write...                    │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2025-68973                   │
├────────────────────┼────────────────┤          │        ├────────────────────┼────────────────────┼──────────────────────────────────────────────────────────────┤
│ libpam-modules     │ CVE-2025-6020  │          │        │ 1.5.2-6+deb12u1    │ 1.5.2-6+deb12u2    │ linux-pam: Linux-pam directory Traversal                     │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2025-6020                    │
│                    ├────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│                    │ CVE-2024-22365 │ MEDIUM   │        │                    │                    │ pam: allowing unprivileged user to block another user        │
│                    │                │          │        │                    │                    │ namespace                                                    │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2024-22365                   │
├────────────────────┼────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│ libpam-modules-bin │ CVE-2025-6020  │ HIGH     │        │                    │                    │ linux-pam: Linux-pam directory Traversal                     │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2025-6020                    │
│                    ├────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│                    │ CVE-2024-22365 │ MEDIUM   │        │                    │                    │ pam: allowing unprivileged user to block another user        │
│                    │                │          │        │                    │                    │ namespace                                                    │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2024-22365                   │
├────────────────────┼────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│ libpam-runtime     │ CVE-2025-6020  │ HIGH     │        │                    │                    │ linux-pam: Linux-pam directory Traversal                     │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2025-6020                    │
│                    ├────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│                    │ CVE-2024-22365 │ MEDIUM   │        │                    │                    │ pam: allowing unprivileged user to block another user        │
│                    │                │          │        │                    │                    │ namespace                                                    │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2024-22365                   │
├────────────────────┼────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│ libpam0g           │ CVE-2025-6020  │ HIGH     │        │                    │                    │ linux-pam: Linux-pam directory Traversal                     │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2025-6020                    │
│                    ├────────────────┼──────────┤        │                    │                    ├──────────────────────────────────────────────────────────────┤
│                    │ CVE-2024-22365 │ MEDIUM   │        │                    │                    │ pam: allowing unprivileged user to block another user        │
│                    │                │          │        │                    │                    │ namespace                                                    │
│                    │                │          │        │                    │                    │ https://avd.aquasec.com/nvd/cve-2024-22365                   │
└────────────────────┴────────────────┴──────────┴────────┴────────────────────┴────────────────────┴──────────────────────────────────────────────────────────────┘

[runningman84]

It even reports a critical issue in our case:

IMAGE: k8s/node-problem-detector/node-problem-detector:v1.35.1
USED IN:
  - kube-system/DaemonSet/node-problem-detector
VULNERABILITIES:
  CRITICAL CVE-2023-45853 (installed 1:1.2.13.dfsg-1 → fixed )
  HIGH CVE-2025-6020 (installed 1.5.2-6+deb12u1 → fixed 1.5.2-6+deb12u2)
  HIGH CVE-2025-68973 (installed 2.2.40-1.1+deb12u1 → fixed 2.2.40-1.1+deb12u2)
  HIGH CVE-2026-0861 (installed 2.36-9+deb12u13 → fixed )
  MEDIUM CVE-2023-50495 (installed 6.4-4 → fixed )
  MEDIUM CVE-2024-10041 (installed 1.5.2-6+deb12u1 → fixed )
  MEDIUM CVE-2024-22365 (installed 1.5.2-6+deb12u1 → fixed 1.5.2-6+deb12u2)
  MEDIUM CVE-2025-13151 (installed 4.19.0-2+deb12u1 → fixed )
  MEDIUM CVE-2025-14104 (installed 1:2.38.1-5+deb12u3 → fixed )
  MEDIUM CVE-2025-15281 (installed 2.36-9+deb12u13 → fixed )
  MEDIUM CVE-2025-30258 (installed 2.2.40-1.1+deb12u1 → fixed )
  MEDIUM CVE-2025-68972 (installed 2.2.40-1.1+deb12u1 → fixed )
  MEDIUM CVE-2026-0915 (installed 2.36-9+deb12u13 → fixed )