CrowdStrike identifies a new vulnerability in Kubernetes container engine CRI-O
A team of researchers at CrowdStrike, an American cybersecurity technology company, discovered a new vulnerability (CVE-2022-0811) in the CRI-O container engine. By exploiting the flaw, an attacker could ‘escape’ a Kubernetes container, gain root access to the host, and move anywhere within the cluster. Triggering the vulnerability allowed the attacker to perform a range of actions, from executing malware to copying data and moving laterally across pods.
The potential impact is widespread, as many software products and platforms use CRI-O by default. CrowdStrike recommends that CRI-O users patch immediately; further details are provided in the company's official blog post.
“CrowdStrike’s Cloud Threat Research team discovered a flaw introduced in CRI-O version 1.19 that allows an attacker to bypass these safeguards and set arbitrary kernel parameters on the host”, the authors note in the website post. “As a result of CVE-2022-0811, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the ‘kernel.core_pattern’ parameter to achieve container escape and arbitrary code execution as root on any node in the cluster.”
In the post, the team also walks through a proof of concept to gauge the impact of the problem and to simulate how it could be used in the wild. Notably, Kubernetes is not required to trigger CVE-2022-0811: an attacker on any machine with CRI-O installed can use it to set kernel parameters.
The CrowdStrike Falcon sensor, part of the CrowdStrike Falcon Cloud Workload Protection module that protects Kubernetes and containers, detects attempts to exploit CVE-2022-0811 as privilege escalation. The module also includes the Kubernetes Protection Agent, which scans all workload resource specifications on the cluster and transmits them to the CrowdStrike Security Cloud for misconfiguration analysis.
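Patching CRI-O is the fix; a complementary defender step is to know which pods in a cluster request sysctls at all, since the flaw is reached through the pod specification's sysctl settings. The following audit script is an added example, not code from CrowdStrike, CRI-O or the Kubernetes project. It reads pod objects in the JSON shape produced by `kubectl get pods -A -o json`, flags any sysctl outside the Kubernetes "safe" namespaced sysctl set (the list below mirrors the Kubernetes documentation and should be checked against the cluster version in use), and separately flags values that are not plain integer tuples, which is the only form those safe sysctls legitimately take. The pod objects embedded at the bottom are constructed for illustration.

```python
"""Audit Kubernetes pod specs for sysctl settings a CRI-O node would apply.

Added example (not CrowdStrike, CRI-O or Kubernetes code). Input is the
JSON List object returned by `kubectl get pods -A -o json`; output is one
finding per suspicious sysctl entry. Sample pods below are constructed.
"""
import re
from typing import Dict, List

# Namespaced sysctls Kubernetes treats as "safe" (allowed without the
# kubelet's --allowed-unsafe-sysctls flag). Assumption: this mirrors the
# upstream docs; verify against the cluster version you run.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
}

# Every safe sysctl above takes an integer or a whitespace-separated tuple
# of integers. Anything else (paths, separators, metacharacters) is flagged.
VALUE_RE = re.compile(r"^-?\d+(?:[ \t]+-?\d+)*$")


def audit_pod(pod: Dict) -> List[str]:
    """Return one finding string per suspicious sysctl in a single pod object."""
    meta = pod.get("metadata", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    sysctls = pod.get("spec", {}).get("securityContext", {}).get("sysctls") or []
    findings = []
    for entry in sysctls:
        key, value = str(entry.get("name", "")), str(entry.get("value", ""))
        if key not in SAFE_SYSCTLS:
            findings.append(f"{name}: sysctl {key!r} is not in the safe set")
        if not VALUE_RE.fullmatch(value):
            findings.append(f"{name}: sysctl {key!r} has non-numeric value {value!r}")
    return findings


def audit_pod_list(pod_list: Dict) -> List[str]:
    """Audit every pod in a `kubectl get pods -o json` List object."""
    findings = []
    for pod in pod_list.get("items", []):
        findings.extend(audit_pod(pod))
    return findings


# Constructed sample: a benign pod using a safe sysctl with a numeric range,
# a pod requesting a sysctl outside the safe set, a pod whose safe sysctl
# carries a non-numeric value, and a pod with no securityContext at all.
SAMPLE_POD_LIST = {
    "kind": "List",
    "items": [
        {"metadata": {"namespace": "web", "name": "frontend"},
         "spec": {"securityContext": {"sysctls": [
             {"name": "net.ipv4.ip_local_port_range", "value": "32768 60999"}]}}},
        {"metadata": {"namespace": "dev", "name": "scratch"},
         "spec": {"securityContext": {"sysctls": [
             {"name": "kernel.core_pattern", "value": "/tmp/core"}]}}},
        {"metadata": {"namespace": "dev", "name": "odd"},
         "spec": {"securityContext": {"sysctls": [
             {"name": "kernel.shm_rmid_forced", "value": "1 junk"}]}}},
        {"metadata": {"namespace": "kube-system", "name": "plain"}, "spec": {}},
    ],
}

if __name__ == "__main__":
    for finding in audit_pod_list(SAMPLE_POD_LIST):
        print(finding)
```

Against the constructed sample the script reports three findings: the `kernel.core_pattern` request is flagged both for its name and for its path-like value, and the `kernel.shm_rmid_forced` entry is flagged for a value that is not an integer tuple. In a live cluster, pipe `kubectl get pods -A -o json` through `json.load` and call `audit_pod_list` on the result; any finding is a pod whose sysctl request deserves review regardless of whether the node's CRI-O has been patched, because only the patched runtime guarantees the kubelet's safe/unsafe split is actually enforced.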