C-0079 - CVE-2022-0185-linux-kernel-container-escape


AllControls, ArmoBest



Description of the the issue

Linux maintainers disclosed a broadly available Linux kernel vulnerability (CVE-2022-0185) which enables attackers to escape containers and get full control over the node. In order to be able to exploit this vulnerability, the attacker needs to be able to run code on in the container and the container must have CAP_SYS_ADMIN privileges. Linux kernel and all major distro maintainers have released patches. This control alerts on vulnerable kernel versions of Kubernetes nodes.

Related resources


What does this control test

Checking Linux kernel version of the Node objects, if it is above 5.1 or below 5.16.2 it fires an alert


Patch Linux kernel version to 5.16.2 or above