Vulnerability CVE-2022-0811: Information

Description

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0811
Published: March 16, 2022
Modified: March 28, 2022
Error type identifier: CWE-94

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
cri-op91.20.7-alt11.20.7-alt1ALT-PU-2022-1573-1296972Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2059475
  • Issue Tracking
  • Third Party Advisory
https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
      Start including
      1.23.0
      End excliding
      1.23.2
      cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
      Start including
      1.22.0
      End excliding
      1.22.3
      cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
      Start including
      1.21.0
      End excliding
      1.21.6
      cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
      Start including
      1.20.0
      End excliding
      1.20.7
      cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
      Start including
      1.19.0
      End excliding
      1.19.6
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top