CVE-2022-0811

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Published: Mar 16, 2022
Updated: May 9, 2024
CVE: CVE-2022-0811
GHSA: GHSA-6x2m-w449-qwx7
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
kubernetes / cri-o	1.23.0	1.23.2
kubernetes / cri-o	1.22.0	1.22.3
kubernetes / cri-o	1.21.0	1.21.6
kubernetes / cri-o	1.20.0	1.20.7
kubernetes / cri-o	1.19.0	1.19.6
github.com/cri-o/cri-o	1.19.0	1.19.6
github.com/cri-o/cri-o	1.20.0	1.20.7
github.com/cri-o/cri-o	1.21.0	1.21.6
github.com/cri-o/cri-o	1.22.0	1.22.3
github.com/cri-o/cri-o	1.23.0	1.23.2

https://access.redhat.com/security/cve/CVE-2022-0811
https://bugs.gentoo.org/835336
https://bugzilla.redhat.com/show_bug.cgi?id=2059475
https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/

Vulnerability Database

289,599

CVE-2022-0811