CVE-2022-0532 — Incorrect Permission Assignment in Cri-o Cri-o

CWE-732 — Incorrect Permission Assignment6 documents5 sources

Severity

4.2MEDIUMNVD

EPSS

0.2%

top 59.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Cri-o Cri-o Kubernetes Cri-o Redhat Openshift Container Platform

Timeline

PublishedFeb 9

Latest updateAug 21

Description

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

▶Gogithub.com/cri-o_cri-o< 1.23.1

▶NVDkubernetes/cri-o1.18

▶CVEListV5kubernetes/cri-o1.18

Also affects: Openshift Container Platform 4.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

Incorrect Permission Assignment for Critical Resource in CRI-O in github.com/cri-o/cri-o↗2024-08-21

▶

GHSA

Incorrect Permission Assignment for Critical Resource in CRI-O↗2022-02-11

▶

OSV

Incorrect Permission Assignment for Critical Resource in CRI-O↗2022-02-11

▶

CVEList

CVE-2022-0532: An incorrect sysctls validation vulnerability was found in CRI-O 1↗2022-02-09

▶

📋Vendor Advisories

Red Hat

cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host↗2022-01-27

▶