Bug 2059475 (CVE-2022-0811)
| Summary: | CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aos-bugs, blaise, bmontgom, bradley.g.smith, ebakerupw, eparis, jakubr, jburrell, jokerman, nstielau, oarribas, pehunt, prodsec-dev, proguski, rdiazgav, rphillips, ryncsn, santiago, security-response-team, sponnaga, sreber, ssonigra, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cri-o 1.24.0, cri-o 1.23.2, cri-o 1.22.3, cri-o 1.21.6, cri-o 1.20.7, cri-o 1.19.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-16 03:01:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2059481, 2059482, 2059483, 2059484, 2059485, 2064293, 2066126, 2066468, 2066469, 2066470, 2066471, 2066472, 2066473 | ||
| Bug Blocks: | 2059476, 2059496 | ||
|
Description
Avinash Hanwate
2022-03-01 06:58:42 UTC
Created cri-o tracking bugs for this issue: Affects: fedora-all [bug 2064293] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:0810 https://access.redhat.com/errata/RHSA-2022:0810 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0811 Created cri-o:1.19/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066126] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:0860 https://access.redhat.com/errata/RHSA-2022:0860 Created cri-o:1.17/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066468] Created cri-o:1.18/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066469] Created cri-o:1.20/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066470] Created cri-o:1.21/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066471] Created cri-o:1.22/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066472] Created cri-o:nightly/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2066473] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2022:0870 https://access.redhat.com/errata/RHSA-2022:0870 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:0871 https://access.redhat.com/errata/RHSA-2022:0871 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2022:0866 https://access.redhat.com/errata/RHSA-2022:0866 |