{"id":"CVE-2022-0532","details":"An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of \"safe\" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.","aliases":["GHSA-jqmc-79gx-7g8p","GO-2022-0608"],"modified":"2026-05-18T05:55:41.696750945Z","published":"2022-02-09T22:05:13Z","database_specific":{"cwe_ids":["CWE-732"],"cna_assigner":"redhat","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0532.json","unresolved_ranges":[{"extracted_events":[{"last_affected":"1.18"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0532.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0532"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2051730"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cri-o/cri-o","events":[{"introduced":"0"},{"last_affected":"7d79f42b28ad00cf2e7d86604a5a4007303ac328"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.18"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*"}}],"versions":["v1.18.0","v1.18.0-rc1","v1.9.0-beta.2","v1.9.0-beta.1","v1.0.0-rc1","v1.0.0-beta.0","v1.0.0-alpha.0","v0.3","v0.2","v0.1","v0.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0532.json"}}],"schema_version":"1.7.5"}