Security News > 2022 > January > Linux kernel bug can let hackers escape Kubernetes containers
A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system.
CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.
The heap overflow bug impacts all Linux kernel versions starting from 5.1-rc1 through the latest patched ones.
The CoR team also said that they have also created working exploit code for Google Container optimized operating system for Docker containers.
Upgrading the Linux kernel to version 5.16.2 or later addresses the problem.
The update is not available for all Linux distributions yet and building the kernel from source is not an option embraced by many system administrators.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2022-0185 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. | 8.4 |