Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835336 (CVE-2022-0811) - <app-containers/cri-o-1.23.2: host code execution via kernel.core_pattern sysctl
Summary: <app-containers/cri-o-1.23.2: host code execution via kernel.core_pattern sysctl
Status: RESOLVED FIXED
Alias: CVE-2022-0811
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/cri-o/cri-o/securi...
Whiteboard: ~1 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-15 15:15 UTC by John Helmert III
Modified: 2022-03-16 00:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-15 15:15:03 UTC
CVE-2022-0811:

A flaw introduced in CRI-O version 1.19 which an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the “kernel.core_pattern” kernel parameter to achieve container escape and arbitrary code execution as root on any node in the cluster.

Please bump to 1.23.2.
Comment 1 Larry the Git Cow gentoo-dev 2022-03-16 00:22:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1686e3c35d110a4979eba666acb3d3a2ba412e7f

commit 1686e3c35d110a4979eba666acb3d3a2ba412e7f
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-03-16 00:21:01 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-03-16 00:21:07 +0000

    app-containers/cri-o: remove vulnerable version
    
    Bug: https://bugs.gentoo.org/835336
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest            |    1 -
 app-containers/cri-o/cri-o-1.23.1.ebuild | 2157 ------------------------------
 2 files changed, 2158 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b335fc22c74436109ccd7fc04327797c4735bfe

commit 2b335fc22c74436109ccd7fc04327797c4735bfe
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-03-16 00:19:32 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-03-16 00:19:41 +0000

    app-containers/cri-o: add 1.23.2
    
    Bug: https://bugs.gentoo.org/835336
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest            |    1 +
 app-containers/cri-o/cri-o-1.23.2.ebuild | 2157 ++++++++++++++++++++++++++++++
 2 files changed, 2158 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-03-16 00:40:23 UTC
Thanks! All done.