What the vulnerability does

01Description

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Key dates

02Disclosure timeline

March 16, 2022 CVE published
August 2, 2024 Record updated