Incorrect Sysctls Validation Vulnerability in CRI-O by Red Hat
CVE-2022-0532

4.2MEDIUM

Key Information:

Vendor: Kubernetes
Status: Cri-o
Vendor: CVE Published:; 9 February 2022

Summary

An incorrect validation of sysctls in CRI-O versions 1.18 and earlier allows an attacker to take advantage of unsafe sysctls in a cluster. If an attacker manages to create a pod with the hostIPC and hostNetwork kernel namespaces, they can apply the sysctls from a designated 'safe' list, leading to potential security breaches on the host system. This vulnerability emphasizes the need for rigorous security measures in Kubernetes environments.

Affected Version(s)

cri-o 1.18

References

https://bugzilla.redhat.com/show_bug.cgi?id=2051730

x_refsource_MISC

https://kubernetes.io/docs/tasks/administer-cluster/sysct...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Feb 8, 2022