Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0811

Опубликовано: 15 мар. 2022
Источник: redhat
CVSS3: 8.8
EPSS Средний

Описание

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Отчет

OpenShift Container Platform (OCP) starting from version 4.6 is affected by this vulnerability, older versions of OCP are not affected.

Меры по смягчению последствий

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11cri-oNot affected
Red Hat OpenShift Container Platform 4.10cri-oFixedRHSA-2022:081015.03.2022
Red Hat OpenShift Container Platform 4.6cri-oFixedRHSA-2022:086623.03.2022
Red Hat OpenShift Container Platform 4.7cri-oFixedRHSA-2022:087022.03.2022
Red Hat OpenShift Container Platform 4.8cri-oFixedRHSA-2022:087122.03.2022
Red Hat OpenShift Container Platform 4.9cri-oFixedRHSA-2022:086021.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-94
https://bugzilla.redhat.com/show_bug.cgi?id=2059475CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

EPSS

Процентиль: 96%
0.27007
Средний

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0811

CVSS3: 8.8
ubuntu
больше 3 лет назад

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

nvd логотип

CVE-2022-0811

CVSS3: 8.8
nvd
больше 3 лет назад

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

debian логотип

CVE-2022-0811

CVSS3: 8.8
debian
больше 3 лет назад

A flaw was found in CRI-O in the way it set kernel options for a pod. ...

github логотип

GHSA-6x2m-w449-qwx7

CVSS3: 8.8
github
больше 3 лет назад

Code Injection in CRI-O

oracle-oval логотип

ELSA-2022-9229

oracle-oval
больше 3 лет назад

ELSA-2022-9229: cri-o security update (IMPORTANT)

EPSS

Процентиль: 96%
0.27007
Средний

8.8 High

CVSS3