CVE-2022-0532

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0532

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0532.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0532

Aliases

Related

Withdrawn

2024-05-15T05:32:41.947344Z

Published

2022-02-09T23:15:16Z

Modified

2024-08-21T15:42:04.628055Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

References

Affected packages

Git / github.com/cri-o/cri-o

Affected ranges

Type: GIT
Repo: https://github.com/cri-o/cri-o
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7d79f42b28ad00cf2e7d86604a5a4007303ac328

Type: GIT
Repo: https://github.com/kubernetes-incubator/cri-o
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7d79f42b28ad00cf2e7d86604a5a4007303ac328

Affected versions

v0.*

v0.0.0

v0.1

v0.2

v0.3

v1.*

v1.0.0

v1.0.0-alpha.0

v1.0.0-beta.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.18.0

v1.18.0-rc1

v1.8.0

v1.9.0-beta.1

v1.9.0-beta.2