PT-2022-13244 · Cri-O+1
Przemyslaw Roguski · Published 2020-05-06 · Updated 2024-08-21
CVE-2022-0532
CVSS v2.0: 4.9 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions
CRI-O versions 1.18 and earlier
Description
An incorrect sysctl validation issue was found that allows an attacker who can create a pod with the hostIPC and hostNetwork kernel namespaces to apply sysctls from the cluster's list of "safe" sysctls to the host.
Recommendations
For CRI-O versions 1.18 and earlier, as a temporary workaround, consider restricting the creation of pods that use the hostIPC and hostNetwork kernel namespaces to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
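To support the workaround above, the following added example (not code from CRI-O or from this advisory) audits pod manifests for the combination the description names: a pod that shares a host namespace and also requests sysctls scoped to that namespace. The sysctl prefix lists follow the namespaced-sysctl groups in the Kubernetes documentation and are an assumption here, as are the constructed sample manifests.

```python
import json

# Assumption: namespaced sysctl groups as listed in the Kubernetes docs,
# keyed by the kernel namespace that normally keeps them pod-local.
IPC_PREFIXES = ("kernel.shm", "kernel.msg", "kernel.sem", "fs.mqueue.")
NET_PREFIXES = ("net.",)


def host_scoped_sysctls(pod):
    """Return (sysctl, flag) pairs whose write would target the node, not the pod."""
    spec = pod.get("spec") or {}
    sysctls = (spec.get("securityContext") or {}).get("sysctls") or []
    findings = []
    for entry in sysctls:
        name = entry.get("name", "")
        # With hostIPC/hostNetwork the pod has no private namespace of that kind.
        if spec.get("hostIPC") is True and name.startswith(IPC_PREFIXES):
            findings.append((name, "hostIPC"))
        if spec.get("hostNetwork") is True and name.startswith(NET_PREFIXES):
            findings.append((name, "hostNetwork"))
    return findings


def audit(pods):
    """Map pod name -> findings, listing only pods with at least one finding."""
    report = {}
    for pod in pods:
        findings = host_scoped_sysctls(pod)
        if findings:
            report[pod.get("metadata", {}).get("name", "<unnamed>")] = findings
    return report


# Constructed sample manifests (not taken from the advisory).
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "shares-host-ns"},
  "spec": {"hostIPC": true, "hostNetwork": true,
           "securityContext": {"sysctls": [
             {"name": "kernel.shm_rmid_forced", "value": "1"},
             {"name": "net.ipv4.ip_local_port_range", "value": "1024 65535"}]}}},
 {"metadata": {"name": "own-namespaces"},
  "spec": {"securityContext": {"sysctls": [
             {"name": "net.ipv4.ip_local_port_range", "value": "1024 65535"}]}}},
 {"metadata": {"name": "host-net-no-sysctls"},
  "spec": {"hostNetwork": true}}
]
""")
```

Pods reported by `audit` are the ones to block or review on nodes running an affected CRI-O version.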
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Cri-O