CVE-2022-0567 A flaw was found in ovn-kubernetes

This issue affects the following products and versions: OVN — version 2.6. The latest version at the time of writing is 3.7.0 — version 2.6. The latest version at the time of writing is 3.7.0 — Kubernetes version 1.9.7 — Kubernetes version 1.9.7 — Kubernetes version 1.10.0 — Kubernetes version 1.10.0 — Kubernetes version 1.11.0 — Kubernetes version 1.11.0 — Kubernetes version 1.12.0 — Kubernetes version 1.12.0 — Kubernetes version 1.13.0 — Kubernetes version 1.13.0 — Kubernetes version 1.14.0 — Kubernetes version 1.14.0 — Kubernetes version 1.15.0 — Kubernetes version 1.15.0 — Kubernetes version 1.16.0 — Kubernetes version 1.16.0 — Kubernetes version 1.17.0 — Kubernetes version 1.17.0 — Kubernetes version 1.18.0 — Kubernetes version 1.18.0 — Kubernetes version 1.19.0 — Kubernetes version 1.19.0 — Kubernetes version

How to Fix OVN (Open vSwitch Network)

If you are experiencing problems with OVN, it is possible the following are contributing factors:

- Open vSwitch on Linux or FreeBSD has been updated to version 2.6.

- The system time is incorrect.
- Networking has not been configured correctly.

Summary

Customers of the Kubernetes project may be affected by a security vulnerability in their software that could lead to authentication bypass. This issue was discovered and reported to Oracle on December 29th, 2018.

What is the issue?

Some users have experienced a privilege escalation vulnerability in version 2.6 of OVN that allows an authenticated user to gain root access on the system.

References: CVE-2022-0567

3.3 .1

Authentication issue
This issue affects the following products and versions: OVN — version 2.6. The latest version at the time of writing is 3.7.0 — version 2.6. The latest version at the time of writing is 3.7.0 — Kubernetes version 1.9.7 — Kubernetes version 1.9.7 — Kubernetes version 1.10.0 — Kubernetes version 1.10.0 — Kubernetes version 1.11.0 — Kubernetes version 1.11.0 — Kubernetes version 1.12.0 — Kubernetes version 1 .12 0— Kubernetes Version 1 .13 . 0—Kubernetes Version 1 .14 . 0—Kuberntese Version 1 .15 . 0—Kuberntese Version 1 .16 . 0—Kuberntese Version 1 .17 . 0—Kuberntese Version 1

Timeline

Published on: 04/20/2022 16:15:00 UTC
Last modified on: 05/04/2022 16:37:00 UTC

References

• https://bugzilla.redhat.com/show_bug.cgi?id=2053326
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0567