CVE-2022-0185 is a Linux kernel bug first reported last week by the Crusaders of Rust CTF team (CoR) that affects versions 5.1-rc1 through the latest versions (5.4.183, 5.10.93, 5.15.1). Specifically, it is a heap overflow in legacy_parse_param() that can be exploited for arbitrary code execution (ACE) or for denial of service (DoS) via a system crash. Debian 11, Ubuntu 20+, and Red Hat Enterprise 8.4 GA+ are among the distributions affected. Container escape in Kubernetes is achieved by leveraging an unprivileged user namespace, or by using “unshare” to enter a namespace in which the process holds the CAP_SYS_ADMIN capability. Researchers from Aquasec observed that default configurations using Docker in a Kubernetes cluster are vulnerable, resulting in shell access with root privileges. A limited proof of concept (PoC) from CoR is currently public, and a full exploit PoC is anticipated to be made available by next week.
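A defender-side triage helper for the two preconditions the advisory names (a kernel in the affected range and unprivileged user namespaces being available), added here as an example and not part of the original write-up. It assumes the inputs are collected from the host or container under review (uname -r and the two sysctl values named in the comments) and passed in as arguments.

```shell
#!/bin/sh
# Added example, not code from the advisory: triage helper for the
# CVE-2022-0185 preconditions. Inputs are passed as arguments so the
# functions can be run against values gathered from any host.

# Return 0 if $1 >= $2 for dotted kernel versions (e.g. 5.10.93).
# A "-rcN" suffix is stripped, so 5.1-rc1 compares equal to 5.1.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/-.*//'); b=$(printf '%s' "$2" | sed 's/-.*//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Kernel is in the range the advisory names (5.1-rc1 and later). Whether a
# given build already carries the fix must be checked against the
# distribution's own advisory; this only answers "new enough to be in scope".
kernel_in_scope() {
    version_ge "$1" "5.1"
}

# Can an unprivileged process enter a fresh user namespace (and so hold
# CAP_SYS_ADMIN inside it)?  Prints "exposed" or "restricted".
#   $1: kernel.unprivileged_userns_clone (Debian/Ubuntu sysctl; "" if absent)
#   $2: user.max_user_namespaces (mainline sysctl)
userns_exposure() {
    clone=$1; max=$2
    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo restricted
    else
        echo exposed
    fi
}

# One verdict per host: $1 kernel release, $2 and $3 as for userns_exposure.
triage() {
    if kernel_in_scope "$1" && [ "$(userns_exposure "$2" "$3")" = exposed ]; then
        echo "review: kernel $1 in scope and unprivileged user namespaces allowed"
    else
        echo "lower risk: kernel $1"
    fi
}

# Live values: uname -r; sysctl -n kernel.unprivileged_userns_clone;
#              sysctl -n user.max_user_namespaces
```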
By Akshay Rohatgi and Randy Pargman