CVE-2022-0811

Summary

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Affected Software

VendorProductVersion RangeStatus
n/aCRI-Ocri-o 1.24.0, cri-o 1.23.2, cri-o 1.22.3, cri-o 1.21.6, cri-o 1.20.7, cri-o 1.19.6affected

Weaknesses

  • CWE-94: CWE-94

ADP Enrichment

CVE Program Container

Additional References

References