An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2051730 | Issue Tracking Patch Third Party Advisory |
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls | Vendor Advisory |
Configurations
History
22 Feb 2022, 20:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 4.2 |
17 Feb 2022, 19:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2051730 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
|
First Time |
Kubernetes
Redhat openshift Container Platform Redhat Kubernetes cri-o |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-732 |
09 Feb 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-09 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0532
Mitre link : CVE-2022-0532
CVE.ORG link : CVE-2022-0532
JSON object : View
Products Affected
kubernetes
- cri-o
redhat
- openshift_container_platform
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource