In github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, a bug was found that allows low-privileged users to set the seccomp profile for pods they control to "unconfined". By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default", so this bug allows users to disable seccomp for pods they can create and/or modify. Seccomp is one of many security layers used in OpenShift, alongside SELinux, dropping of capabilities and running as non-root, so disabling seccomp on its own does not give a direct path to privilege escalation. However, exploitation of this bug could be combined with another vulnerability, e.g. a potential kernel privilege escalation flaw, to allow a user to escape a container.
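To find pods that already run without seccomp, the following added example (not code from apiserver-library-go or from this report) scans a PodList JSON document and reports every place a pod requests an unconfined profile. It goes beyond the description above by also checking the deprecated Kubernetes seccomp annotations; the function names and the sample pods are constructed for illustration.

```python
import json

# Deprecated annotation keys that older manifests use to request a seccomp profile.
POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_ANNOTATION_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"

def _is_unconfined(value):
    return isinstance(value, str) and value.lower() == "unconfined"

def unconfined_requests(pod):
    """Return every place in one pod object that requests an unconfined seccomp profile."""
    spec = pod.get("spec", {})
    annotations = pod.get("metadata", {}).get("annotations") or {}
    hits = []
    pod_profile = (spec.get("securityContext") or {}).get("seccompProfile") or {}
    if _is_unconfined(pod_profile.get("type")):
        hits.append("spec.securityContext.seccompProfile")
    if _is_unconfined(annotations.get(POD_ANNOTATION)):
        hits.append("annotation:" + POD_ANNOTATION)
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for ctr in spec.get(kind) or []:
            name = ctr.get("name", "?")
            profile = (ctr.get("securityContext") or {}).get("seccompProfile") or {}
            if _is_unconfined(profile.get("type")):
                hits.append(f"spec.{kind}[{name}].securityContext.seccompProfile")
            if _is_unconfined(annotations.get(CONTAINER_ANNOTATION_PREFIX + name)):
                hits.append("annotation:" + CONTAINER_ANNOTATION_PREFIX + name)
    return hits

def audit(pod_list_json):
    """Map 'namespace/name' to its findings for each flagged pod in a PodList JSON document."""
    report = {}
    for pod in json.loads(pod_list_json).get("items", []):
        hits = unconfined_requests(pod)
        if hits:
            report["{namespace}/{name}".format(**pod["metadata"])] = hits
    return report

# Constructed sample input (not from a real cluster): a PodList with three pods.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "team-a", "name": "ok"}, "spec": {"containers": [{"name": "app"}],
     "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}},
    {"metadata": {"namespace": "team-a", "name": "field"}, "spec": {"containers": [
        {"name": "app", "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]}},
    {"metadata": {"namespace": "team-b", "name": "legacy",
                  "annotations": {POD_ANNOTATION: "unconfined"}},
     "spec": {"containers": [{"name": "app"}]}},
]})
```

On a cluster, pass the output of `oc get pods -A -o json` to `audit()`; the result lists where unconfined is requested, which still needs review against the SCC each pod was admitted under.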
This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:1325 https://access.redhat.com/errata/RHSA-2023:1325
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0229