21 matches found
RHCOS 4 : OpenShift Container Platform 4.10.4 (RHSA-2022:0810)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0810 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 Note that Nessus has not tested for...
RHCOS 4 : OpenShift Container Platform 4.9.25 (RHSA-2022:0860)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0860 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 Note that Nessus has not tested for...
CVE-2022-0811 affecting package cri-o for versions less than 1.22.3-1
CVE-2022-0811 affecting package cri-o for versions less than 1.22.3-1. A patched version of the package is available...
Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to CVE-2022-0811
Summary IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details CVEID:CVE-2022-0811 DESCRIPTION: CRI-O could allow a...
Security Bulletin: IBM Netezza as a Service is vulnerable to CVE-2022-0811
Summary IBM Netezza as a Service is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details CVEID: CVE-2022-0811 DESCRIPTION: CRI-O could allow a remote...
Security fix for the ALT Linux 9 package cri-o version 1.20.7-alt1
1.20.7-alt1 built March 25, 2022 Mikhail Gordeev in task 296972 March 21, 2022 Mikhail Gordeev - new version 1.20.0 - Fixes: CVE-2022-0811...
Security fix for the ALT Linux 10 package cri-o version 1.22.3-alt2
1.22.3-alt2 built March 24, 2022 Mikhail Gordeev in task 296969 March 21, 2022 Mikhail Gordeev - Add cve fix to changelog - Fixes: CVE-2022-0811...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.6.56 packages and security update
Red Hat OpenShift Container Platform release 4.6.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...
RHEL 7 / 8 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 7 / 8 : OpenShift Container Platform 4.6.56 (RHSA-2022:0866)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0866 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.8.35 security update
Red Hat OpenShift Container Platform release 4.8.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
RHEL 7 / 8 : OpenShift Container Platform 4.9.25 (RHSA-2022:0860)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0860 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
CRI-O package 1.19.x < 1.19.6 / 1.20.x < 1.20.7 / 1.21.x < 1.21.6 / 1.22.x < 1.22.3 / 1.23.x < 1.23.2 Arbitrary Code Execution (CVE-2022-0811)
The version of the CRI-O package installed on the remote host is 1.19.x prior to 1.19.6, 1.20.x prior to 1.20.7, 1.21.x prior to 1.21.6, 1.22.x prior to 1.22.3, or 1.23.x prior to 1.23.2. It is, therefore, affected by an arbitrary code execution vulnerability via abusing the 'kernel.corepattern'...
New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives,...
Oracle Linux 7 / 8 : cri-o (ELSA-2022-9229)
The remote Oracle Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9229 advisory. 1.21.6-1 - Added Oracle Specifile Files for cri-o Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
Oracle Linux 7 / 8 : cri-o (ELSA-2022-9228)
The remote Oracle Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9228 advisory. 1.20.7-1 - Added Oracle Specifile Files for cri-o Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
CVE-2022-0811
creationtimestamp| type| source ---|---|--- 2022-03-16 17:20:37+00:00| seen| https://t.me/cibsecurity/39034 2022-03-17 08:46:54+00:00| published-proof-of-concept| https://t.me/cKure/9049 2022-03-17 14:30:04+00:00| published-proof-of-concept| https://t.me/truesecator/2743 2022-03-17 17:37:10+00:00...
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
CVE-2022-0811
CVE-2022-0811 affects CRI-O and allows a pod-deployer with Kubernetes permissions to escape container boundaries and execute code as root on the cluster node. The root cause is a flaw in how CRI-O sets kernel options for a pod (notably kernel.core_pattern). Documented impact is arbitrary code exe...