918439 – (CVE-2023-2431) <sys-cluster/kubelet-{1.24.14,1.25.10,1.26.5,1.27.2}: seccong enforcement bypass

Bug 918439 (CVE-2023-2431) - <sys-cluster/kubelet-{1.24.14,1.25.10,1.26.5,1.27.2}: seccong enforcement bypass

Summary: <sys-cluster/kubelet-{1.24.14,1.25.10,1.26.5,1.27.2}: seccong enforcement bypass

Status:	RESOLVED FIXED

Alias:	CVE-2023-2431

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://groups.google.com/g/kubernete...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2023-11-24 23:08 UTC by John Helmert III
Modified:	2023-11-24 23:08 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-11-24 23:08:17 UTC

CVE-2023-2431:

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Already all done.