CVE-2022-0532
N/A
N/A
Summary
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | cri-o | 1.18 | affected |
Weaknesses
- CWE-732: CWE-732
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2051730
- https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2051730
- https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.