Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2022-0532

Related Vulnerabilities: CVE-2022-0532  

An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace.

Source

Description

An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace.

Statement

Red Hat OpenShift Container Platform (OCP) uses a vulnerable version of CRI-O, but a successful exploit requires access to at least `hostnetwork` SCC (Security Context Constraints) or `privileged` SCC. The default `restricted` SCC blocks this vulnerability.

Red Hat OpenShift Container Platform (OCP) uses a vulnerable version of CRI-O, but a successful exploit requires access to at least hostnetwork SCC (Security Context Constraints) or privileged SCC. The default restricted SCC blocks this vulnerability.

Additional Information

  • Bugzilla 2051730: CVE-2022-0532 cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
  • CWE-732: Incorrect Permission Assignment for Critical Resource
  • FAQ: Frequently asked questions about CVE-2022-0532

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started