C-0079 - CVE-2022-0185-linux-kernel-container-escape

Framework

ArmoBest, AllControls

Severity

Medium

Description of the the issue

Linux maintainers disclosed a broadly available Linux kernel vulnerability (CVE-2022-0185) which enables attackers to escape containers and get full control over the node. In order to be able to exploit this vulnerability, the attacker needs to be able to run code on in the container and the container must have CAP_SYS_ADMIN privileges. Linux kernel and all major distro maintainers have released patches. This control alerts on vulnerable kernel versions of Kubernetes nodes.

Related resources

Node

What does this control test

Checking Linux kernel version of the Node objects, if it is above 5.1 or below 5.16.2 it fires an alert

Remediation

Patch Linux kernel version to 5.16.2 or above

Example