CVE-2022-0532

 

Published at: - 27-01-2022 01:00

Last modified: - 27-01-2022 01:00

Total changes: - 127

Description

CVE-2022-0532 cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=2051730
• [0] https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls https://github.com/cri-o/cri-o/security/advisories/GHSA-w2j5-3rcx-vx7x
• https://access.redhat.com/errata/RHSA-2022:0055
• https://access.redhat.com/errata/RHSA-2022:0866
• https://access.redhat.com/errata/RHSA-2022:0870
• https://access.redhat.com/errata/RHBA-2022:0793
• https://access.redhat.com/errata/RHBA-2022:0794

 

Keywords

REDHAT

 

CVE-2022-0532

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures