| author | Soumya Sambu <soumya.sambu@windriver.com> | 2023-11-13 04:16:09 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2023-11-21 04:07:47 +0000 |
| commit | 86126c9b348ffbe4156fbe489c74829efdb7fb43 (patch) | |
| tree | 3f67a9d82f51ea5226a76e96dd7ac06a98d5229a /files | |
| parent | 72ef3ba3b2044ca979a7db833d3b60847a84efea (diff) | |
| download | meta-virtualization-86126c9b348ffbe4156fbe489c74829efdb7fb43.tar.gz | |
kubernetes: Fix CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the
seccomp profile enforcement. Pods that use localhost type for seccomp profile
but specify an empty profile field, are affected by this issue. In this
scenario, this vulnerability allows the pod to run in unconfined (seccomp
disabled) mode. This bug affects Kubelet.
CVE: CVE-2023-2431
Affected Versions
v1.27.0 - v1.27.1
v1.26.0 - v1.26.4
v1.25.0 - v1.25.9
<= v1.24.13
master branch (kubernetes v1.28.2) is not impacted
mickledore branch (kubernetes v1.27.5) is not impacted
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-2431
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'files')
0 files changed, 0 insertions, 0 deletions
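An added audit sketch, not part of this commit or of the Kubernetes project: it checks a kubelet version against the affected ranges listed in the commit message and flags pod objects that request a `Localhost` seccomp profile with an empty profile field. It assumes pod objects in the JSON shape returned by `kubectl get pod -o json` (`seccompProfile.type` and `localhostProfile` fields); the function names and the sample pod are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in the commit message above.
LAST_AFFECTED_PATCH = {(1, 27): 1, (1, 26): 4, (1, 25): 9}
LAST_AFFECTED_OLD = (1, 24, 13)  # "<= v1.24.13"

def kubelet_affected(version):
    """True if a kubelet version such as 'v1.26.3' falls in a listed range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor, patch) <= LAST_AFFECTED_OLD:
        return True
    last = LAST_AFFECTED_PATCH.get((major, minor))
    return last is not None and patch <= last

def _empty_localhost(security_context):
    prof = (security_context or {}).get("seccompProfile") or {}
    path = prof.get("localhostProfile") or ""
    return prof.get("type") == "Localhost" and not path.strip()

def empty_localhost_profiles(pod):
    """List where a pod asks for a Localhost profile but names none."""
    spec = pod.get("spec") or {}
    hits = ["pod"] if _empty_localhost(spec.get("securityContext")) else []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            if _empty_localhost(c.get("securityContext")):
                hits.append(f"{kind}/{c.get('name', '?')}")
    return hits

# Constructed sample pod (not taken from the page).
SAMPLE_POD = {
    "metadata": {"name": "demo"},
    "spec": {
        "securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": ""}},
        "containers": [
            {"name": "app", "securityContext": {"seccompProfile": {
                "type": "Localhost", "localhostProfile": "profiles/audit.json"}}},
            {"name": "sidecar", "securityContext": {"seccompProfile": {"type": "Localhost"}}},
            {"name": "plain"},
        ],
    },
}

if __name__ == "__main__":
    print(kubelet_affected("v1.26.4"), empty_localhost_profiles(SAMPLE_POD))
```

A pod flagged here only runs unconfined when it is scheduled on a node whose kubelet version is in an affected range, so the two checks are meant to be read together.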
