Linux kernel bug can let hackers escape Kubernetes containers

2022-01-25 16:56

A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system.

CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.

The heap overflow bug impacts all Linux kernel versions starting from 5.1-rc1 through the latest patched ones.

The CoR team also said that they have also created working exploit code for Google Container optimized operating system for Docker containers.

Upgrading the Linux kernel to version 5.16.2 or later addresses the problem.

The update is not available for all Linux distributions yet and building the kernel from source is not an option embraced by many system administrators.

News URL

https://www.bleepingcomputer.com/news/security/linux-kernel-bug-can-let-hackers-escape-kubernetes-containers/

#hacker #kernel #kubernetes #linux #CVE-2022-0185

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-11	CVE-2022-0185	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. local low complexity linux netapp CWE-191	8.4

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux	11	64	2312	1489	67	3932
Kubernetes	19	5	45	35	8	93
Kernel	3	0	8	4	1	13

News URL

Related news

Related Vulnerability

Related vendor