One Article Review
| Source |  Vuln GCP |
|---|---|
| Identifiant | 8296084 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-018 (Recyclage) |
| Texte | Published: 2022-08-01Updated: 2022-09-14Description
Description
Severity
Notes
2022-09-14 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure. A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletinHigh CVE-2022-2327 |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 018 01updated: 14description 2022 2327 achieve added allows and anthos aws azure bare been breakout bulletin bulletinhigh bulletins: can clusters container cve description details discovered escalation following for full gcp gke has instructions kernel lead linux local metal more new node notes patch privilege published: root security see severity that the this unprivileged update: user versions vmware vulnerability |
| Tags | Vulnerability Guideline |
| Stories | |
| Move | 
|
Les reprises de l'article (1):
| Source | Vuln GCP |
|---|---|
| Identifiant | 8296078 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-024 (Recyclage) |
| Texte | Published: 2022-11-09Updated: 2022-12-16Description
Description
Severity
Notes
2022-12-16 Update: Added patch versions for GKE and Anthos clusters on VMware. Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-2585 CVE-2022-2588 |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 024 09updated: 16description 2022 2585 2588 added and anthos aws azure bare been break bulletin can clusters container cve description details discovered for full gcp gke have high instructions kernel lead linux metal more new node notes out patch published: root security see severity that the the: two update: versions vmware vulnerabilities |
| Tags | Guideline |
| Stories | |
| Move |
|
L'article ressemble à 1 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-017 (lien direct) | Published: 2022-06-29 Updated: 2022-11-22Description Description Severity Notes 2022-11-22 Update: Workloads using GKE Sandbox are not affected by these vulnerabilities. 2022-07-21 Update: additional information on Anthos clusters on VMware. A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1786 | Vulnerability | Uber | ★★★ |