CVE-2022-0811
N/A
N/A
Summary
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | CRI-O | cri-o 1.24.0, cri-o 1.23.2, cri-o 1.22.3, cri-o 1.21.6, cri-o 1.20.7, cri-o 1.19.6 | affected |
Weaknesses
- CWE-94: CWE-94
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2059475
- https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2059475
- https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.