High Severity Vulnerability in CRI-O

Published on 18 Mar 2022

Updated on 18 Mar 2022

A high severity vulnerability (CVE-2022-0811) was reported in CRI-O, an open-source container runtime engine of Kubernetes.

Successful exploitation of the vulnerability allows an attacker to perform a variety of actions against other containers, including execution of malware, exfiltration of data, and lateral movement across pods. 

The vulnerability affects CRI-O versions:

  • 1.19.0 to 1.19.5
  • 1.20.0 to 1.20.6
  • 1.21.0 to 1.21.5
  • 1.22.0 to 1.22.2
  • 1.23.0 to 1.23.1

Administrators and users of affected versions are advised to install the latest security updates immediately.

More information is available here:
https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/
https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html
https://www.itnews.com.au/news/cri-o-container-engine-bug-allows-kubernetes-container-escape-577486
https://www.cybersecurity-help.cz/vdb/SB2022031714