What Does the Latest Linux Kernel Vulnerability Mean for Kubernetes Users and How Prisma Cloud Protects Against it?
On 01/18/2022, an integer underflow vulnerability was discovered in the Linux kernel. The vulnerability, assigned CVE-2022-0185, lies in the legacy_parse_param Linux kernel function. If exploited successfully, it can be leveraged into an unbounded kernel heap overflow by bypassing some of the checks implemented in the Linux kernel.
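The bug class described above, shown as a simplified model (an added example, not kernel source and not Prisma Cloud code): an unsigned subtraction inside a length check wraps around, so the check stops rejecting anything, and an exhaustive sweep compares it with a hardened form. The 4096-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE ((size_t)4096) /* assumption: a one-page option buffer */

typedef int (*check_fn)(size_t size, size_t len);

/* Ground truth: separator + len bytes + NUL must fit after size used bytes. */
static int fits(size_t size, size_t len)
{
    return (unsigned long long)size + len + 2 <= BUF_SIZE;
}

/* Underflowing form: once size > BUF_SIZE - 2 the unsigned subtraction
 * wraps to a huge value, so no len is ever rejected. Returns 1 = allowed. */
static int admits_underflowing(size_t size, size_t len)
{
    return !(len > BUF_SIZE - 2 - size);
}

/* Hardened form: reject before the subtraction can wrap. */
static int admits_hardened(size_t size, size_t len)
{
    if (size > BUF_SIZE - 2)
        return 0;
    return len <= BUF_SIZE - 2 - size;
}

/* Exhaustively count states a check admits although the write cannot fit. */
static size_t count_unsafe_admits(check_fn check)
{
    size_t bad = 0;
    for (size_t size = 0; size <= BUF_SIZE; size++)
        for (size_t len = 0; len <= BUF_SIZE; len++)
            if (check(size, len) && !fits(size, len))
                bad++;
    return bad;
}

int main(void)
{
    printf("underflowing: %zu unsafe states admitted\n",
           count_unsafe_admits(admits_underflowing));
    printf("hardened:     %zu unsafe states admitted\n",
           count_unsafe_admits(admits_hardened));
    return 0;
}
```

The same sweep works as a regression test for any length check on a fixed-size buffer: a correct check admits zero states that do not fit.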
The vulnerability can be triggered by any user with the CAP_SYS_ADMIN privilege. However, the privilege only needs to be granted to the current names...