GHSA-34vw-m4rh-r36p

Source
https://github.com/advisories/GHSA-34vw-m4rh-r36p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-34vw-m4rh-r36p/GHSA-34vw-m4rh-r36p.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-34vw-m4rh-r36p
Published
2022-09-16T17:17:37Z
Modified
2022-09-16T17:17:37Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
Details

Impact

A race condition was found in the Linux kernel's IP framework for transforming packets (the XFRM subsystem) when multiple calls to xfrm_probe_algs occur simultaneously. This flaw could allow a local attacker to trigger an out-of-bounds write, or to leak kernel heap memory by performing an out-of-bounds read and copying the result into a socket.

Patches

The fix has been backported to version 5.15.64 of the upstream Linux kernel (5.15 is the upstream long-term kernel series that Talos ships). Talos >= v1.2.0 ships with Linux kernel 5.15.64, which fixes this issue.

Kubernetes workloads running on Talos are not affected in the default case, since user namespaces are disabled in the Talos kernel config, so an unprivileged user cannot obtain CAP_NET_ADMIN by unsharing. However, untrusted workloads that run with privileged: true or that are granted the NET_ADMIN capability do pose a risk.

Workarounds

Audit the Kubernetes workloads running in the cluster that set privileged: true or are granted the NET_ADMIN capability, and assess the threat vector for each.
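The audit described in the workaround can be scripted. The following is an added example written for this advisory page; it is not Talos project code. It assumes pod objects in the JSON shape returned by `kubectl get pods -A -o json` (a constructed sample pod list is embedded so it runs offline) and flags every container, init container or ephemeral container that sets `securityContext.privileged: true` or adds NET_ADMIN, either by name or through `capabilities.add: ["ALL"]`.

```python
"""Audit Kubernetes pod specs for privileged: true or NET_ADMIN (added example).

Assumptions: input is a pod list in the `kubectl get pods -A -o json` shape;
privileged and capabilities are container-level settings, so the pod-level
securityContext is not consulted. The sample below is constructed, not real
cluster output.
"""
import json

# Constructed sample pod list for this example.
SAMPLE_POD_LIST = json.dumps({
    "items": [
        {
            "metadata": {"name": "web", "namespace": "app"},
            "spec": {"containers": [
                {"name": "nginx", "image": "nginx:1.23",
                 "securityContext": {"runAsNonRoot": True}}
            ]}
        },
        {
            "metadata": {"name": "vpn-sidecar", "namespace": "net"},
            "spec": {"containers": [
                {"name": "tunnel", "image": "example/tunnel:1.0",
                 "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}
            ]}
        },
        {
            "metadata": {"name": "debug", "namespace": "ops"},
            "spec": {
                "initContainers": [
                    {"name": "setup", "image": "busybox",
                     "securityContext": {"privileged": True}}
                ],
                "containers": [
                    {"name": "shell", "image": "busybox",
                     "securityContext": {"capabilities": {"add": ["ALL"]}}}
                ]
            }
        },
    ]
})

# All container lists in a pod spec that can carry a securityContext.
CONTAINER_LISTS = ("initContainers", "containers", "ephemeralContainers")


def _normalise_capability(name):
    """Capability names may appear with or without the CAP_ prefix."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def container_findings(container):
    """Return the list of reasons a single container matches the audit criteria."""
    reasons = []
    sc = container.get("securityContext") or {}
    if sc.get("privileged") is True:
        reasons.append("privileged: true")
    added = {_normalise_capability(c)
             for c in (sc.get("capabilities") or {}).get("add") or []}
    if "NET_ADMIN" in added:
        reasons.append("capabilities.add includes NET_ADMIN")
    elif "ALL" in added:
        # ALL grants every capability, NET_ADMIN included.
        reasons.append("capabilities.add includes ALL (implies NET_ADMIN)")
    return reasons


def audit_pod_list(pod_list_json):
    """Return (namespace, pod, container, reason) tuples for every matching container."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for list_name in CONTAINER_LISTS:
            for container in spec.get(list_name) or []:
                for reason in container_findings(container):
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     container.get("name"), reason))
    return findings


if __name__ == "__main__":
    for ns, pod, ctr, reason in audit_pod_list(SAMPLE_POD_LIST):
        print(f"{ns}/{pod} container {ctr}: {reason}")
```

Against the sample, the `web` pod produces no finding while `vpn-sidecar`, the `debug` init container and the `debug` main container are each reported with the reason that matched. Feeding the real output of `kubectl get pods -A -o json` to `audit_pod_list` works unchanged, since only the `metadata` and `spec` fields are read; each reported workload is then a candidate for the threat assessment the workaround asks for.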

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-3028
  • https://access.redhat.com/security/cve/CVE-2022-3028

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-362",
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T17:17:37Z"
}
Affected packages

Go / github.com/talos-systems/talos

Package

Name
github.com/talos-systems/talos
Purl
pkg:golang/github.com/talos-systems/talos

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.2.0