What the vulnerability does

01Description

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

Key dates

02Disclosure timeline

February 9, 2022 CVE published
August 2, 2024 Record updated