CRI-O Vulnerability: Incorrect Sysctls Validation Allows Unauthorized Host Manipulation

CRI-O Vulnerability: Incorrect Sysctls Validation Allows Unauthorized Host Manipulation

CVE-2022-0532 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

Learn more about our Network Penetration Testing.