One Article Review
Accueil - L'article:
Source Google.webp Vuln GCP
Identifiant 8296085
Date de publication 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37)
Titre GCP-2022-017 (Recyclage)
Texte Published: 2022-06-29 Updated: 2022-11-22Description Description Severity Notes 2022-11-22 Update: Workloads using GKE Sandbox are not affected by these vulnerabilities.
2022-07-21 Update: additional information on Anthos clusters on VMware.
A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1786
Envoyé Oui
Condensat 017 1786 2022 22description access achieve additional affected allows and anthos are aws azure bare been breakout bulletin cluster clusters container cve description details discovered either for full gcp gke has high information instructions kernel linux local metal more new node not notes only optimized published: root run sandbox security see severity that the the: these this ubuntu unprivileged update: updated: use user using version versions vmware vulnerabilities vulnerability with workloads
Tags Vulnerability
Stories Uber
Notes ★★★
Move


Les reprises de l'article (1):
Source Google.webp Vuln GCP
Identifiant 8296084
Date de publication 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37)
Titre GCP-2022-018 (Recyclage)
Texte Published: 2022-08-01Updated: 2022-09-14Description Description Severity Notes 2022-09-14 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure.
A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletinHigh CVE-2022-2327
Envoyé Oui
Condensat 018 01updated: 14description 2022 2327 achieve added allows and anthos aws azure bare been breakout bulletin bulletinhigh bulletins: can clusters container cve description details discovered escalation following for full gcp gke has instructions kernel lead linux local metal more new node notes patch privilege published: root security see severity that the this unprivileged update: user versions vmware vulnerability
Tags Vulnerability Guideline
Stories
Notes ★★★
Move


L'article ressemble à 1 autre(s) article(s):
Src Date (GMT) Titre Description Tags Stories Notes
Google.webp 2022-12-21 17:12:56 (Déjà vu) GCP-2022-016 (lien direct) Published: 2022-06-23 Updated: 2022-11-22Description Description Severity Notes 2022-11-22 Update: Autopilot clusters are not affected by by CVE-2022-29581 but are vulnerable to CVE-2022-29582 and CVE-2022-1116. Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For instructions and more details, refer to the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-29581 CVE-2022-29582 CVE-2022-1116 ★★★
My email: