Jump to:

CVE-2022-0532

Jump to:

CVE-2022-0532

Package cri-o updated to version 1.18.0-alt1 for branch sisyphus in task 251262.

Published: 2022-02-10
Modified: 2024-11-21

CVE-2022-0532

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

Severity: MEDIUM (4.2) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2051730
https://bugzilla.redhat.com/show_bug.cgi?id=2051730
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls

Version: 2.1.0

Package cri-o update in sisyphus on 2020-05-06

ALT-PU-2020-1920-1

Closed vulnerabilities

CVE-2022-0532