CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0532 – cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
https://notcve.org/view.php?id=CVE-2022-0532
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. Se ha encontrado una vulnerabilidad de comprobación incorrecta de sysctls en CRI-O versiones 1.18 y anteriores. Las sysctls de la lista de sysctls "safe" especificadas para el cluster serán aplicadas al host si un atacante es capaz de crear un pod con un espacio de nombres del kernel hostIPC y hostNetwork An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace. • https://bugzilla.redhat.com/show_bug.cgi?id=2051730 https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls https://access.redhat.com/security/cve/CVE-2022-0532 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-4178 – kubernetes-client: Insecure deserialization in unmarshalYaml method
https://notcve.org/view.php?id=CVE-2021-4178
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. Se ha encontrado un fallo de ejecución de código arbitrario en el cliente de Kubernetes Fabric 8 afectando a versiones 5.0.0-beta-1 y superiores. Debido a una configuración incorrecta del análisis de YAML, esto permitirá a un atacante local y con privilegios suministrar YAML malicioso. • https://access.redhat.com/security/cve/CVE-2021-4178 https://bugzilla.redhat.com/show_bug.cgi?id=2034388 https://github.com/advisories/GHSA-98g7-rxmf-rrxm https://github.com/fabric8io/kubernetes-client/issues/3653 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-4112 – ansible-tower: Privilege escalation via job isolation escape
https://notcve.org/view.php?id=CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. Se ha encontrado un fallo en ansible-tower en el que la instalación por defecto es vulnerable al escape de aislamiento de trabajos. Este fallo permite a un atacante elevar el privilegio de un usuario con pocos privilegios a un usuario AWX desde fuera del entorno aislado. • https://access.redhat.com/security/cve/CVE-2021-4112 https://bugzilla.redhat.com/show_bug.cgi?id=2028121 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0487
https://notcve.org/view.php?id=CVE-2022-0487
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en la función rtsx_usb_ms_drv_remove en el archivo drivers/memstick/host/rtsx_usb_ms.c en memstick en el kernel de Linux. En este fallo, un atacante local con un privilegio de usuario puede afectar a la confidencialidad del sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=2044561 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5095 https://www.debian.org/security/2022/dsa-5096 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-4093 – kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io
https://notcve.org/view.php?id=CVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario. Se ha encontrado un fallo en el código de AMD de KVM para soportar la Virtualización Segura Encriptada-Estado Encriptado (SEV-ES). Un huésped de KVM que use SEV-ES puede desencadenar lecturas y escrituras fuera de límites en el núcleo anfitrión por medio de un VMGEXIT malicioso para una instrucción de E/S de cadena (por ejemplo, outs o ins) usando el motivo de salida SVM_EXIT_IOIO. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2222 https://bugzilla.redhat.com/show_bug.cgi?id=2028584 https://access.redhat.com/security/cve/CVE-2021-4093 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •