Bug 2272532 (CVE-2024-3154) - CVE-2024-3154 cri-o: Arbitrary command injection via pod annotation
Summary: CVE-2024-3154 cri-o: Arbitrary command injection via pod annotation
Keywords:
Status: NEW
Alias: CVE-2024-3154
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2278701 2278702 2278703 2278704 2278705 2278706 2278707 2278708
Blocks: 2272534
TreeView+ depends on / blocked
 
Reported: 2024-04-01 19:13 UTC by Pedro Sampaio
Modified: 2024-06-05 12:10 UTC (History)
9 users (show)

Fixed In Version: cri-o 1.30.0, cri-o 1.29.4, cri-o 1.28.6, cri-o 1.27.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2669 0 None None None 2024-05-09 14:11:56 UTC
Red Hat Product Errata RHSA-2024:2672 0 None None None 2024-05-09 17:13:42 UTC
Red Hat Product Errata RHSA-2024:2784 0 None None None 2024-05-16 18:31:09 UTC
Red Hat Product Errata RHSA-2024:3496 0 None None None 2024-06-05 12:10:09 UTC

Description Pedro Sampaio 2024-04-01 19:13:02 UTC 
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation. This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

References:

https://github.com/opencontainers/runc/pull/3923#discussion_r1538109353
https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j
Comment 4 Anten Skrabec 2024-05-02 19:30:38 UTC 
Created cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278702]


Created cri-o:1.21/cri-o tracking bugs for this issue:

Affects: epel-all [bug 2278701]


Created cri-o:1.22/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278703]


Created cri-o:1.23/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278704]


Created cri-o:1.24/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278705]


Created cri-o:1.25/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278706]


Created cri-o:1.26/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278707]


Created cri-o:1.27/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2278708]
Comment 5 errata-xmlrpc 2024-05-09 14:11:55 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:2669 https://access.redhat.com/errata/RHSA-2024:2669
Comment 6 errata-xmlrpc 2024-05-09 17:13:41 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:2672 https://access.redhat.com/errata/RHSA-2024:2672
Comment 7 errata-xmlrpc 2024-05-16 18:31:08 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:2784 https://access.redhat.com/errata/RHSA-2024:2784
Comment 8 errata-xmlrpc 2024-06-05 12:10:08 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:3496 https://access.redhat.com/errata/RHSA-2024:3496
Note You need to log in before you can comment on or make changes to this bug.