An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace.
An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace.
Red Hat OpenShift Container Platform (OCP) uses a vulnerable version of CRI-O, but a successful exploit requires access to at least hostnetwork
SCC (Security Context Constraints) or privileged
SCC. The default restricted
SCC blocks this vulnerability.