Bug 2059475 (CVE-2022-0811) - CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter
Summary: CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing “kernel.co...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-0811
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2059481 2059482 2059483 2059484 2059485 2064293 2066126 2066468 2066469 2066470 2066471 2066472 2066473
Blocks: 2059476 2059496
TreeView+ depends on / blocked
 
Reported: 2022-03-01 06:58 UTC by Avinash Hanwate
Modified: 2022-03-23 09:49 UTC (History)
23 users (show)

Fixed In Version: cri-o 1.24.0, cri-o 1.23.2, cri-o 1.22.3, cri-o 1.21.6, cri-o 1.20.7, cri-o 1.19.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
Clone Of:
Environment:
Last Closed: 2022-03-16 03:01:26 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 6827131 0 None None None 2022-03-18 08:53:38 UTC
Red Hat Product Errata RHSA-2022:0810 0 None None None 2022-03-15 23:16:00 UTC
Red Hat Product Errata RHSA-2022:0860 0 None None None 2022-03-21 12:10:44 UTC
Red Hat Product Errata RHSA-2022:0866 0 None None None 2022-03-23 09:49:00 UTC
Red Hat Product Errata RHSA-2022:0870 0 None None None 2022-03-22 15:22:28 UTC
Red Hat Product Errata RHSA-2022:0871 0 None None None 2022-03-22 17:36:50 UTC

Description Avinash Hanwate 2022-03-01 06:58:42 UTC
A flaw introduced in CRI-O version 1.19 which an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the “kernel.core_pattern” kernel parameter to achieve container escape and arbitrary code execution as root on any node in the cluster.

Comment 5 Przemyslaw Roguski 2022-03-15 14:01:28 UTC
Created cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2064293]

Comment 6 errata-xmlrpc 2022-03-15 23:15:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:0810 https://access.redhat.com/errata/RHSA-2022:0810

Comment 7 Product Security DevOps Team 2022-03-16 03:01:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0811

Comment 15 Sam Fowler 2022-03-21 00:14:05 UTC
Created cri-o:1.19/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066126]

Comment 16 errata-xmlrpc 2022-03-21 12:10:42 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.9

Via RHSA-2022:0860 https://access.redhat.com/errata/RHSA-2022:0860

Comment 17 Sam Fowler 2022-03-21 21:11:31 UTC
Created cri-o:1.17/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066468]


Created cri-o:1.18/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066469]


Created cri-o:1.20/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066470]


Created cri-o:1.21/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066471]


Created cri-o:1.22/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066472]


Created cri-o:nightly/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2066473]

Comment 18 errata-xmlrpc 2022-03-22 15:22:22 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2022:0870 https://access.redhat.com/errata/RHSA-2022:0870

Comment 19 errata-xmlrpc 2022-03-22 17:36:48 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2022:0871 https://access.redhat.com/errata/RHSA-2022:0871

Comment 20 errata-xmlrpc 2022-03-23 09:48:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2022:0866 https://access.redhat.com/errata/RHSA-2022:0866


Note You need to log in before you can comment on or make changes to this bug.