- Fix: get azure disk lun timeout issue ([#88158](https://github.com/kubernetes/kubernetes/pull/88158), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
- Fixed `threadSafeMap` high memory usage caused by indices that have churn of high-cardinality keys. E.g. namespaces ([#88005](https://github.com/kubernetes/kubernetes/pull/88005), [@patrickshan](https://github.com/patrickshan)) [SIG API Machinery]

pkg syscall (darwin-arm64), const IPV6_PORTRANGE_DEFAULT = 0
pkg syscall (darwin-arm64), const IPV6_PORTRANGE_DEFAULT ideal-int
pkg syscall (darwin-arm64), const IPV6_PORTRANGE_HIGH = 1
pkg syscall (darwin-arm64), const IPV6_PORTRANGE_HIGH ideal-int
pkg syscall (darwin-arm64), const IPV6_PORTRANGE_LOW = 2
pkg syscall (darwin-arm64), const IPV6_PORTRANGE_LOW ideal-int
pkg syscall (darwin-arm64), const IPV6_RECVTCLASS = 35

pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_DEFAULT = 0
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_DEFAULT ideal-int
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_HIGH = 1
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_HIGH ideal-int
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE ideal-int
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_LOW = 2
pkg syscall (netbsd-arm64-cgo), const IP_PORTRANGE_LOW ideal-int

### Bug or Regression

**Fixed Versions**:
  - kubelet v1.22.2
  - kubelet v1.21.5
  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

- Fix: get azure disk lun timeout issue ([#88158](https://github.com/kubernetes/kubernetes/pull/88158), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
- Fixed `threadSafeMap` high memory usage caused by indices that have churn of high-cardinality keys. E.g. namespaces ([#88007](https://github.com/kubernetes/kubernetes/pull/88007), [@patrickshan](https://github.com/patrickshan)) [SIG API Machinery]

    - `apiserver_flowcontrol_demand_seats`: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
    - `apiserver_flowcontrol_demand_seats_high_watermark`: High watermark, over last adjustment period, of demand_seats
    - `apiserver_flowcontrol_demand_seats_average`: Time-weighted average, over last adjustment period, of demand_seats

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Dependencies

### Added
_Nothing has changed._

### Changed

**Fixed Versions**:
  - kubelet v1.22.2
  - kubelet v1.21.5
  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Feature