CrowdStrike identifies a new vulnerability in Kubernetes container engine CRI-O

A team of researchers at CrowdStrike, an American cybersecurity company, has disclosed a new vulnerability (CVE-2022-0811) in the CRI-O container engine. On an affected system, an attacker could ‘escape’ a Kubernetes container, gain root access to the host and from there move anywhere within the cluster. Triggering the vulnerability lets the attacker do anything from executing malware to copying data and moving laterally across pods.

The potential impact is wide, as a number of software products and platforms use CRI-O by default. CrowdStrike recommends that CRI-O users patch immediately; further details are provided in its official blog post.

“CrowdStrike’s Cloud Threat Research team discovered a flaw introduced in CRI-O version 1.19 that allows an attacker to bypass these safeguards and set arbitrary kernel parameters on the host”, the authors note in the blog post. “As a result of CVE-2022-0811, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the ‘kernel.core_pattern’ parameter to achieve container escape and arbitrary code execution as root on any node in the cluster.”

In the post, the team also walks through a proof of concept to gauge the potential impact of the flaw and to show how it could be used in the wild. It is important to note that Kubernetes is not required to trigger CVE-2022-0811: an attacker on any machine with CRI-O installed can use CRI-O itself to set kernel parameters.
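The two preceding paragraphs describe the attack surface: a pod spec whose sysctl settings end up in the host's kernel.core_pattern. The following script is an added example for this article, not CrowdStrike's or the CRI-O project's code. It audits the JSON that `kubectl get pods -A -o json` returns and flags any pod-level sysctl that names kernel.core_pattern, is outside the kubelet's safe (namespaced) set, or carries a value that is not a plain number or number pair, which is what hiding a second key=value pair inside a "safe" sysctl would require. The safe-sysctl list is taken from the Kubernetes sysctl documentation as of the time of writing and should be checked against your cluster version; the PodList at the bottom is constructed for the example.

```python
"""Audit Kubernetes pod specs for sysctl entries that could reach kernel.core_pattern.

Added example, not CrowdStrike's or the CRI-O project's code. It consumes the
JSON shape that `kubectl get pods -A -o json` produces; the sample PodList at
the bottom is constructed for this example.
"""
import json
import re

# Sysctls the kubelet treats as safe (namespaced) and permits in a pod spec
# without --allowed-unsafe-sysctls (assumption: per the Kubernetes sysctl docs
# at the time of writing; verify against your version). Any other name in a
# tenant's pod is a finding.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
}

# Values of the safe sysctls are an integer or a space-separated integer pair
# ("32768 60999"). Anything else ('=', '+', '|', '/', newlines) is not a valid
# value for them and is what smuggling a second key=value pair would require.
VALUE_RE = re.compile(r"^[0-9]+( [0-9]+)?$")


def audit_pod(pod):
    """Return (namespace/name, sysctl name, reason) tuples for one pod object."""
    meta = pod.get("metadata") or {}
    where = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    spec = pod.get("spec") or {}
    # sysctls live only in the pod-level securityContext, not per container.
    sysctls = (spec.get("securityContext") or {}).get("sysctls") or []
    findings = []
    for entry in sysctls:
        name = str(entry.get("name", ""))
        value = str(entry.get("value", ""))
        # A direct mention anywhere in the entry is the clearest signal.
        if "core_pattern" in name or "core_pattern" in value:
            findings.append((where, name, "references kernel.core_pattern"))
            continue
        if name not in SAFE_SYSCTLS:
            findings.append((where, name, "sysctl not in the safe set"))
        if not VALUE_RE.match(value):
            findings.append((where, name, f"unexpected value {value!r}"))
    return findings


def audit_pod_list(doc):
    """Audit a Pod or PodList (dict, or its JSON text) and return all findings."""
    if isinstance(doc, str):
        doc = json.loads(doc)
    items = doc.get("items", []) if doc.get("kind") == "PodList" else [doc]
    findings = []
    for pod in items:
        findings.extend(audit_pod(pod))
    return findings


def _pod(namespace, name, sysctls=None):
    """Build a minimal pod object; helper for the constructed sample below."""
    pod = {"metadata": {"namespace": namespace, "name": name}, "spec": {}}
    if sysctls is not None:
        pod["spec"]["securityContext"] = {"sysctls": sysctls}
    return pod


# Constructed sample: one clean pod, one naming kernel.core_pattern outright,
# one hiding a second key=value pair inside a "safe" sysctl's value, one using
# a sysctl outside the safe set, and one with no sysctls at all.
SAMPLE_PODLIST = {
    "kind": "PodList",
    "items": [
        _pod("default", "web-ok", [
            {"name": "kernel.shm_rmid_forced", "value": "1"},
            {"name": "net.ipv4.ip_local_port_range", "value": "32768 60999"},
        ]),
        _pod("tenant-a", "direct-core-pattern", [
            {"name": "kernel.core_pattern", "value": "|/tmp/placeholder"},
        ]),
        _pod("tenant-b", "smuggled-value", [
            {"name": "kernel.shm_rmid_forced", "value": "1+net.ipv4.ip_forward=1"},
        ]),
        _pod("tenant-c", "unsafe-name", [
            {"name": "net.core.somaxconn", "value": "1024"},
        ]),
        _pod("default", "no-sysctls"),
    ],
}

if __name__ == "__main__":
    for where, name, reason in audit_pod_list(SAMPLE_PODLIST):
        print(f"{where}: {name}: {reason}")
```

Run against a live cluster with `kubectl get pods -A -o json | python3 audit_sysctls.py` after replacing the sample with `sys.stdin.read()`. Two caveats: the check only sees what is in the Kubernetes API, and as the article notes the flaw can be triggered on any host running CRI-O without Kubernetes at all, so this is a detection aid for cluster operators, not a substitute for patching CRI-O.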

The CrowdStrike Falcon sensor, part of the CrowdStrike Falcon Cloud Workload Protection module that protects Kubernetes and containers, detects attempts to exploit CVE-2022-0811 as privilege escalation. The module also includes the Kubernetes Protection Agent, which scans all workload resource specifications on the cluster and transmits them to the CrowdStrike Security Cloud for misconfiguration analysis.
