Cybersecurity News in Asia

Features
- Featured
  
  Bridging the data science talent gap for national cyber defenses: Urgent action needed
  
  Monday, April 29, 2024, 10:16 AM Asia/Singapore | Features
- Featured
  
  AI adoption in India: A balancing act worth chatting about
  
  Thursday, April 25, 2024, 2:53 PM Asia/Singapore | Features, Newsletter
- Featured
  
  AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
  
  Monday, April 22, 2024, 4:40 PM Asia/Singapore | Case Study, Features
News
- Featured
  
  The LockBit group may have been busted, but its code lives on
  
  Tuesday, April 30, 2024, 11:34 AM Asia/Singapore | News, Newsletter
- Featured
  
  Were cyberattackers evading detection less efficiently in 2023?
  
  Friday, April 26, 2024, 1:42 PM Asia/Singapore | News, Newsletter
- Featured
  
  How medical devices manufacturer Tuttnauer protects patient and personal-data safety
  
  Tuesday, April 23, 2024, 5:22 PM Asia/Singapore | Case Study, News
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Patch your CRI-O version immediately if it is 1.19+

By CybersecAsia editors and webmaster webmaster | Thursday, March 17, 2022, 4:11 PM Asia/Singapore

A vulnerability with a score of 8.8 lurks in this version and could lead to arbitrary code execution and data breaches.

A new vulnerability has been discovered in CRI-O, the container runtime engine underpinning Kubernetes.

A flaw introduced in CRI-O version 1.19 allows an attacker to bypass system safeguards and set arbitrary kernel parameters on the host. As a result of this vulnerability, CVE-2022-0811, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the kernel.core_pattern parameter to achieve container escape and arbitrary code execution as root on any node in the cluster.

Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data and lateral movement across pods. The CVE score is 8.8 (High) and the potential impact is widespread, as many software and platforms use CRI-O by default.

The cybersecurity vendor that made the discovery, CrowdStrike, had disclosed it to Kubernetes, which has worked with CRI-O to issue a patch on GitHub. It is recommended that CRI-O users patch the vulnerability—which they have dubbed ‘cr8escape’—immediately.

For remediation at the Kubernetes level:

Ideally, use policies to block pods that contain sysctl settings with “+” or “=” in their value.
Alternatively, use the PodSecurityPolicy forbiddenSysctls field to block all sysctls (block all sysctls as the malicious setting is smuggled in a value).

At the CRI-O level:

Upgrade to a patched version of CRI-O immediately.
Set pinns_path in crio.conf to point to a pinns wrapper that strips the “-s” option before invoking the real pinns. This will prevent pods from updating any kernel parameters, including sensitive ones.
- Pinns, typically found at /usr/bin/pinns, is the utility CRI-O uses to set kernel parameters
Downgrade to CRI-O version 1.18 or earlier (not recommended in most cases)

While the vulnerability is in CRI-O, software and platforms that depend on it are also likely to be vulnerable, including: OpenShift 4+ and Oracle Container Engine for Kubernetes.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Securing Industry 4.0
The world is advancing to Industry 4.0 in full swing, and this is a key …Download Whitepaper
Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

Bridging the data science talent gap for national cyber defenses: Urgent action needed

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

The LockBit group may have been busted, but its code lives on

Featured

Were cyberattackers evading detection less efficiently in 2023?

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Patch your CRI-O version immediately if it is 1.19+

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar