It was found that if a user can create a pod with a `hostIPC` and `hostNetwork` kernel namespace and is able to specify a sysctl from the list of "safe" sysctls specified for the cluster (by default, these are specified here
then the sysctls will be applied to the host.
Created cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2051906]
All currently supported version of CRI-O are affected by this vulnerability.
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.10
Via RHSA-2022:0055 https://access.redhat.com/errata/RHSA-2022:0055
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):