{"id":"CVE-2022-0532","details":"An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of \"safe\" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.","aliases":["GHSA-jqmc-79gx-7g8p","GO-2022-0608"],"modified":"2026-04-10T04:42:18.246252Z","published":"2022-02-09T23:15:16.720Z","references":[{"type":"ADVISORY","url":"https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2051730"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes-incubator/cri-o","events":[{"introduced":"0"},{"last_affected":"7d79f42b28ad00cf2e7d86604a5a4007303ac328"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.18"}]}}],"versions":["v0.0.0","v0.1","v0.2","v0.3","v1.0.0-alpha.0","v1.0.0-beta.0","v1.0.0-rc1","v1.18.0","v1.18.0-rc1","v1.9.0-beta.1","v1.9.0-beta.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0532.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"}]}