One Article Review
| Source |  Vuln GCP |
|---|---|
| Identifiant | 8296081 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-021 (Recyclage) |
| Texte | Published: 2022-10-27Updated: 2022-12-15Description
Description
Severity
Notes
2022-12-15 Update: Updated information that version 1.21.14-gke.9400 of Google Kubernetes Engine is pending rollout and may be superseded by a higher version number. 2022-11-22 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-3176 |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 021 15description 2022 27updated: 3176 9400 achieve added allows and anthos aws azure bare been breakout bulletin bulletins: can clusters container cve description details discovered engine escalation following for full gcp gke google has high higher information instructions kernel kubernetes lead linux local may metal more new node notes number patch pending privilege published: rollout root security see severity superseded that the this unprivileged update: updated user version versions vmware vulnerability |
| Tags | Vulnerability Guideline |
| Stories | Uber |
| Move | 
|
Les reprises de l'article (1):
| Source | Vuln GCP |
|---|---|
| Identifiant | 8296077 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-025 (Recyclage) |
| Texte | Published: 2022-12-21Description Description Severity Notes A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-2602 |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 025 2022 21description 2602 allow and anthos arbitrary attacker aws azure bare been bulletin bulletins: can clusters code cve description details discovered execute following for gcp gke has high instructions kernel linux metal more new notes potentially published: security see severity subsystem that the uring vmware vulnerability |
| Tags | Vulnerability |
| Stories | |
| Move |
|
L'article ressemble à 1 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-024 (lien direct) | Published: 2022-11-09Updated: 2022-12-16Description Description Severity Notes 2022-12-16 Update: Added patch versions for GKE and Anthos clusters on VMware. Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-2585 CVE-2022-2588 | Guideline | ★★★ |