Security News > 2022 > January > Linux kernel bug can let hackers escape Kubernetes containers
A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system.
CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.
The heap overflow bug impacts all Linux kernel versions starting from 5.1-rc1 through the latest patched ones.
The CoR team also said that they have also created working exploit code for Google Container optimized operating system for Docker containers.
Upgrading the Linux kernel to version 5.16.2 or later addresses the problem.
The update is not available for all Linux distributions yet and building the kernel from source is not an option embraced by many system administrators.
News URL
Related news
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-0185 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. | 8.4 |