CrowdStrike’s Cloud Threat Research team has disclosed a new zero-day vulnerability, dubbed “cr8escape”, in CRI-O, a container runtime engine that underpins Kubernetes.
If exploited, the vulnerability lets an attacker escape from a Kubernetes container and gain root access to the underlying host. From there, the attacker can move anywhere in the cluster and carry out a variety of attacks, including executing malware and exfiltrating data.
Exploitation of this vulnerability can be detected by the Falcon Linux sensor and by the Falcon Cloud Workload Protection module. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with the CRI-O project to issue a patch that was released today. The vulnerability carries a CVSS score of 8.8 (High), and its potential impact is widespread because many software products and platforms use CRI-O by default. CRI-O users are advised to patch immediately.