Source |
Vuln GCP |
Identifiant |
8296090 |
Date de publication |
2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
Titre |
GCP-2022-012 (Recyclage) |
Texte |
Published: 2022-04-07 Updated: 2022-11-22Description
Description
Severity
Notes
2022-11-22 Update: For GKE clusters in both modes, Standard and Autopilot, workloads using GKE Sandbox are unaffected. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later)
Anthos clusters on VMware v1.10 for Container-Optimized OS images
Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu
Managed clusters of Anthos on Azure v1.21 which use Ubuntu For instructions and more details, see the following security bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
High
CVE-2022-0847
|
Envoyé |
Oui |
Condensat |
012 0847 2022 22description affects and anthos are autopilot aws azure bare been both bulletin bulletins: can clusters container cve description details discovered escalate following for gcp generation gke has high images instructions kernel later linux managed metal modes more node notes optimized pool potentially previous privileges products: published: root sandbox security see severity standard that the this ubuntu unaffected update: updated: use using version versions vmware vulnerability which workloads |
Tags |
Vulnerability
|
Stories |
Uber
|
Notes |
★★★
|
Move |
|
Source |
Vuln GCP |
Identifiant |
8296077 |
Date de publication |
2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
Titre |
GCP-2022-025 (Recyclage) |
Texte |
Published: 2022-12-21Description
Description
Severity
Notes
A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For instructions and more details, see the following bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
High
CVE-2022-2602
|
Envoyé |
Oui |
Condensat |
025 2022 21description 2602 allow and anthos arbitrary attacker aws azure bare been bulletin bulletins: can clusters code cve description details discovered execute following for gcp gke has high instructions kernel linux metal more new notes potentially published: security see severity subsystem that the uring vmware vulnerability |
Tags |
Vulnerability
|
Stories |
|
Notes |
★★★
|
Move |
|