An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. If an attacker is able to create a pod that uses the hostIPC and hostNetwork kernel namespaces, the sysctls from the list of safe sysctls specified for the cluster will be applied to the host.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
CRI-O | Kubernetes | * | 1.18 (including) |
Red Hat OpenShift Container Platform 4.10 | RedHat | cri-o-0:1.23.1-9.rhaos4.10.gitbdffb9a.el8 | * |
Red Hat OpenShift Container Platform 4.6 | RedHat | cri-o-0:1.19.5-3.rhaos4.6.git91f8458.el8 | * |
Red Hat OpenShift Container Platform 4.7 | RedHat | cri-o-0:1.20.6-11.rhaos4.7.git76ea3d0.el8 | * |
Red Hat OpenShift Container Platform 4.8 | RedHat | cri-o-0:1.21.5-2.rhaos4.8.gitaf64931.el8 | * |
Red Hat OpenShift Container Platform 4.9 | RedHat | cri-o-0:1.22.2-2.rhaos4.9.gitb030be8.el8 | * |
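
An audit for the condition in the description, as an added example that is not part of the advisory or of CRI-O: it flags pods that share a host namespace (hostIPC or hostNetwork, checked individually rather than only together) and also set a sysctl scoped to that namespace. The prefix lists follow the Kubernetes documentation on namespaced sysctls and are an assumption of this example; the pod list is constructed in the shape of `kubectl get pods -A -o json`.

```python
# Sysctl prefixes scoped to the IPC and network namespaces
# (assumption: taken from the Kubernetes sysctl documentation).
IPC_PREFIXES = ("kernel.shm", "kernel.msg", "kernel.sem", "fs.mqueue.")
NET_PREFIXES = ("net.",)


def host_scoped_sysctls(pod):
    """Return the pod-level sysctls that would be written into a host namespace."""
    spec = pod.get("spec", {})
    sysctls = (spec.get("securityContext") or {}).get("sysctls") or []
    hits = []
    for entry in sysctls:
        name = entry.get("name", "")
        if spec.get("hostIPC") and name.startswith(IPC_PREFIXES):
            hits.append(name)
        elif spec.get("hostNetwork") and name.startswith(NET_PREFIXES):
            hits.append(name)
    return hits


def audit(pod_list):
    """Map 'namespace/name' to the offending sysctls for every flagged pod."""
    findings = {}
    for pod in pod_list.get("items", []):
        hits = host_scoped_sysctls(pod)
        if hits:
            meta = pod.get("metadata", {})
            findings[f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"] = hits
    return findings


def _pod(name, sysctl, **host_flags):
    """Build a minimal constructed pod object for the sample below."""
    spec = {"securityContext": {"sysctls": [{"name": sysctl, "value": "1"}]}}
    spec.update(host_flags)
    return {"metadata": {"namespace": "demo", "name": name}, "spec": spec}


# Constructed sample input; none of these pods come from the advisory.
SAMPLE = {"items": [
    _pod("net-host", "net.ipv4.tcp_syncookies", hostNetwork=True),    # flagged
    _pod("ipc-host", "kernel.shm_rmid_forced", hostIPC=True),         # flagged
    _pod("isolated", "net.ipv4.tcp_syncookies"),                      # own namespaces
    _pod("mismatch", "kernel.shm_rmid_forced", hostNetwork=True),     # IPC still private
]}

if __name__ == "__main__":
    for pod, names in audit(SAMPLE).items():
        print(f"{pod}: sysctls applied in a host namespace: {', '.join(names)}")
```
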