Source |
CrowdStrike |
Identifier |
4062062 |
Publication date |
2022-01-31 23:11:00 (seen: 2022-02-01 00:08:11) |
Title |
CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit |
Text |
On Jan. 18, 2022, researchers found a heap-based buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function "legacy_parse_param" of filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privilege to root, bypassing any Linux namespace restrictions. CVE-2022-0185 Needs CAP_SYS_ADMIN This flaw is […] |
Sent |
Yes |
Tags |
|
Stories |
Uber
|