exploitDog

CVE-2022-0532

Published: 27 Jan 2022
Source: redhat
CVSS3: 4.2
EPSS Low

Description

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace.

Report

Red Hat OpenShift Container Platform (OCP) uses a vulnerable version of CRI-O, but a successful exploit requires access to at least hostnetwork SCC (Security Context Constraints) or privileged SCC. The default restricted SCC blocks this vulnerability.
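A defensive audit for the condition described above, added here as an example and not code from Red Hat or CRI-O: it flags pod specs that request a sysctl whose kernel namespace (network or IPC) is shared with the host. The prefix lists follow Kubernetes' namespaced-sysctl rules; the function names and sample pods are constructed, and the check goes slightly beyond the advisory by flagging either host namespace on its own.

```python
# Added example: find pods whose sysctls would be written into a host namespace.
# Assumption: sysctl-to-namespace mapping as used by Kubernetes for namespaced sysctls.
NET_PREFIXES = ("net.",)
IPC_PREFIXES = ("kernel.shm", "kernel.msg", "fs.mqueue.")
IPC_EXACT = ("kernel.sem",)


def sysctl_namespace(name):
    """Return 'net', 'ipc' or None (not a namespaced sysctl known to this check)."""
    if name.startswith(NET_PREFIXES):
        return "net"
    if name in IPC_EXACT or name.startswith(IPC_PREFIXES):
        return "ipc"
    return None


def host_sysctl_findings(pod):
    """Return (pod, sysctl, host field) tuples for sysctls that hit a host namespace."""
    spec = pod.get("spec") or {}
    shared = {"net": bool(spec.get("hostNetwork")), "ipc": bool(spec.get("hostIPC"))}
    field = {"net": "hostNetwork", "ipc": "hostIPC"}
    name = (pod.get("metadata") or {}).get("name", "<unnamed>")
    findings = []
    for entry in (spec.get("securityContext") or {}).get("sysctls") or []:
        ns = sysctl_namespace(entry.get("name", ""))
        if ns and shared[ns]:
            findings.append((name, entry["name"], field[ns]))
    return findings


def audit(pods):
    """Flatten findings over a list of pod objects (e.g. the items of a pod list)."""
    return [f for pod in pods for f in host_sysctl_findings(pod)]


# Constructed sample pods, not taken from the advisory.
SAMPLE_PODS = [
    {"metadata": {"name": "debug-both"},
     "spec": {"hostNetwork": True, "hostIPC": True, "securityContext": {"sysctls": [
         {"name": "net.ipv4.ip_local_port_range", "value": "1024 65000"},
         {"name": "kernel.shm_rmid_forced", "value": "1"}]}}},
    {"metadata": {"name": "web"},
     "spec": {"securityContext": {"sysctls": [
         {"name": "net.ipv4.tcp_syncookies", "value": "1"}]}}},
    {"metadata": {"name": "net-only"},
     "spec": {"hostNetwork": True, "securityContext": {"sysctls": [
         {"name": "kernel.shm_rmid_forced", "value": "1"}]}}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PODS):
        print("%s: sysctl %s with %s=true" % finding)
```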

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 3.11 | cri-o | Out of support scope | | |
| Red Hat OpenShift Container Platform 4.10 | cri-o | Fixed | RHSA-2022:0055 | 10.03.2022 |
| Red Hat OpenShift Container Platform 4.6 | cri-o | Fixed | RHSA-2022:0866 | 23.03.2022 |
| Red Hat OpenShift Container Platform 4.7 | cri-o | Fixed | RHSA-2022:0870 | 22.03.2022 |
| Red Hat OpenShift Container Platform 4.8 | cri-o | Fixed | RHBA-2022:0793 | 16.03.2022 |
| Red Hat OpenShift Container Platform 4.9 | cri-o | Fixed | RHBA-2022:0794 | 16.03.2022 |

Additional information

Status: Moderate
Defect: CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=2051730 cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host

EPSS

Percentile: 24%
0.00079
Low

4.2 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.2
ubuntu
almost 4 years ago

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

CVSS3: 4.2
nvd
almost 4 years ago

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

CVSS3: 4.2
debian
almost 4 years ago

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...

CVSS3: 4.2
github
almost 4 years ago

Incorrect Permission Assignment for Critical Resource in CRI-O
