Security bulletins

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. GKE Standard clusters are affected.

GKE Autopilot clusters and clusters using GKE Sandbox are not affected.

What should I do?

The following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your cluster and node pools to one of the following GKE versions:

• 1.22.17-gke.8100
• 1.23.17-gke.2300
• 1.24.12-gke.1100
• 1.25.8-gke.1000
• 1.26.3-gke.1000

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

Both CVE-2023-1281 and CVE-2023-1829 are use-after-free vulnerabilities in the Linux Kernel traffic control index filter (tcindex) that can be exploited to achieve local privilege escalation.

With CVE-2023-1829, the tcindex_delete function does not properly deactivate filters in certain cases which can later lead to double freeing of a data structure.

In CVE-2023-1281, the imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node.

What should I do?

What vulnerabilities are addressed by this patch?

Both CVE-2023-1281 and CVE-2023-1829 are use-after-free vulnerabilities in the Linux Kernel traffic traffic control index filter (tcindex) that can be exploited to achieve local privilege escalation.

With CVE-2023-1829, the tcindex_delete function does not properly deactivate filters in certain cases which can later lead to double freeing of a data structure.

In CVE-2023-1281, the imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node.

What should I do?

What vulnerabilities are addressed by this patch?

Both CVE-2023-1281 and CVE-2023-1829 are use-after-free vulnerabilities in the Linux Kernel traffic traffic control index filter (tcindex) that can be exploited to achieve local privilege escalation.

With CVE-2023-1829, the tcindex_delete function does not properly deactivate filters in certain cases which can later lead to double freeing of a data structure.

In CVE-2023-1281, the imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node.

What should I do?

What vulnerabilities are addressed by this patch?

Both CVE-2023-1281 and CVE-2023-1829 are use-after-free vulnerabilities in the Linux Kernel traffic traffic control index filter (tcindex) that can be exploited to achieve local privilege escalation.

With CVE-2023-1829, the tcindex_delete function does not properly deactivate filters in certain cases which can later lead to double freeing of a data structure.

In CVE-2023-1281, the imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node.

Anthos clusters on bare metal are not affected by this CVE.

What should I do?

No action required.

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. GKE clusters, including Autopilot clusters, with COS using Linux Kernel version 5.10 until 5.10.162 are affected. GKE clusters using Ubuntu images or using GKE Sandbox are unaffected.

What should I do?

The following versions of GKE have been updated with code to fix these vulnerabilities. For security purposes, even if you have node-autoupgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• 1.22.17-gke.4000
• 1.23.16-gke.1100
• 1.24.10-gke.1200

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

Vulnerability 1 (CVE-2023-0240): A race condition in io_uring can lead to a full container break out to root on the node. Linux kernel versions 5.10 are affected until 5.10.162.

Vulnerability 2 (CVE-2023-23586): A use after free (UAF) in io_uring/time_ns can lead to a full container break out to root on the node. Linux kernel versions 5.10 are affected until 5.10.162.

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. Anthos clusters on VMware clusters with COS using Linux Kernel version 5.10 until 5.10.162 are affected. Anthos clusters using Ubuntu images are unaffected.

What should I do?

The following versions of Anthos clusters on VMware have been updated with code to fix these vulnerabilities:

• 1.12.6
• 1.13.5

What vulnerabilities are addressed by this patch?

Vulnerability 1 (CVE-2023-0240): A race condition in io_uring can lead to a full container break out to root on the node. Linux kernel versions 5.10 are affected until 5.10.162.

Vulnerability 2 (CVE-2023-23586): A use after free (UAF) in io_uring/time_ns can lead to a full container break out to root on the node. Linux kernel versions 5.10 are affected until 5.10.162.

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. Anthos clusters on AWS is not affected by these CVEs.

What should I do?

No action required.

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. Anthos on Azure is not affected by these CVEs

What should I do?

No action required.

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. Anthos clusters on bare metal is not affected by these CVEs.

What should I do?

No action required.

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. GKE clusters, including Autopilot clusters, are impacted. GKE clusters using GKE Sandbox are not affected.

What should I do?

The following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your clusters and node pools to one of the following GKE versions:

• 1.22.17-gke.3100
• 1.23.16-gke.200
• 1.24.9-gke.3200

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-4696, a use-after-free flaw was found in io_uring and ioring_op_splice in the Linux kernel. This flaw allows a local user to create a local privilege escalation.

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. Anthos clusters on VMware running v1.12 and v1.13 are impacted. Anthos clusters on VMware running v1.14 or later are not affected.

What should I do?

The following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. We recommend that you upgrade your admin and user clusters to one of the following Anthos clusters on VMware versions:

• 1.12.5
• 1.13.5

What vulnerabilities are addressed by this patch?

With CVE-2022-4696, a use-after-free flaw was found in io_uring and ioring_op_splice in the Linux kernel. This flaw allows a local user to create a local privilege escalation.

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. Anthos clusters on AWS is unaffected by this vulnerability.

What should I do?

No action is required.

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. Anthos on Azure is unaffected by this vulnerability.

What should I do?

No action is required.

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. Anthos clusters on bare metal is unaffected by this vulnerability.

What should I do?

No action is required.

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash. While this has been rated a High in the NVD database, GKE endpoints use boringSSL or an older version of OpenSSL that is not affected, so the rating has been reduced to a Medium for GKE.

What should I do?

The following versions of GKE have been updated with code to fix this vulnerability:

• 1.25.4-gke.1600
• 1.24.8-gke.401
• 1.23.14-gke.401
• 1.22.16-gke.1300
• 1.21.14-gke.14100

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-3786 and CVE-2022-3602, a buffer overrun can be triggered in X.509 certificate verification that can cause a crash that will result in a denial of service. To be exploited, this vulnerability requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer.

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash.

What should I do?

Anthos clusters on VMware is not affected by this CVE as it does not use an impacted version of OpenSSL.

What vulnerabilities are addressed by this patch?

No action required.

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash.

What should I do?

Anthos clusters on AWS is not affected by this CVE as it does not use an impacted version of OpenSSL.

What vulnerabilities are addressed by this patch?

No action required.

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash.

What should I do?

Anthos on Azure is not affected by this CVE as it does not use an impacted version of OpenSSL.

What vulnerabilities are addressed by this patch?

No action required.

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash.

What should I do?

Anthos clusters on bare metal is not affected by this CVE as it does not use an impacted version of OpenSSL.

What vulnerabilities are addressed by this patch?

No action required.

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. GKE clusters, including Autopilot clusters, are impacted.

GKE clusters using GKE Sandbox are not affected.

What should I do?

2023-01-19 Update: Version 1.21.14-gke.14100 is available. Upgrade your node pools to this version or later.

The following versions of GKE have been updated with code to fix this vulnerability in an upcoming release. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• Container-Optimized OS:
  • 1.22.16-gke.1300 and later
  • 1.23.14-gke.401 and later
  • 1.24.7-gke.900 and later
  • 1.25.4-gke.1600 and later
• Ubuntu:
• 1.22.15-gke.2500 and later
• 1.23.13-gke.900 and later
• 1.24.7-gke.900 and later
• 1.25.3-gke.800 and later

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-2602, a race condition between io_uring request processing and Unix socket garbage collection can cause a use-after-free vulnerability. A local attacker could use this to trigger a denial of service or possibly execute arbitrary code.

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

Versions 1.11, 1.12 and 1.13 of Anthos clusters on VMware are affected.

What should I do?

Upgrade your cluster to a patched version. The following versions of Anthos clusters on VMware contain code that fixes this vulnerability:

• 1.13.2
• 1.12.4
• 1.11.5

What vulnerabilities are addressed by this patch?

With CVE-2022-2602, a race condition between io_uring request processing and Unix socket garbage collection can cause a use-after-free vulnerability. A local attacker could use this to trigger a denial of service or possibly execute arbitrary code.

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

What should I do?

The following current and previous generation versions of Anthos clusters on AWS have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions:

• Current generation:
  • 1.22.15-gke.100
  • 1.23.11-gke.300
  • 1.24.5-gke.200
• Previous generation:
• 1.22.15-gke.1400
• 1.23.12-gke.1400
• 1.24.6-gke.1300

What vulnerabilities are addressed by this patch?

With CVE-2022-2602, a race condition between io_uring request processing and Unix socket garbage collection can cause a use-after-free vulnerability. A local attacker could use this to trigger a denial of service or possibly execute arbitrary code.

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

What should I do?

The following versions of Anthos on Azure have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos on Azure versions:

• 1.22.15-gke.100
• 1.23.11-gke.300
• 1.24.5-gke.200

What vulnerabilities are addressed by this patch?

With CVE-2022-2602, a race condition between io_uring request processing and Unix socket garbage collection can cause a use-after-free vulnerability. A local attacker could use this to trigger a denial of service or possibly execute arbitrary code.

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

Anthos clusters on bare metal is not affected by this CVE as it does not bundle an operating system in its distribution.

What should I do?

No action required.

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node. GKE clusters, including Autopilot clusters, are impacted.

GKE clusters using GKE Sandbox are not affected.

What should I do?

2023-01-19 Update: Version 1.21.14-gke.14100 is available. Upgrade your node pools to this version or later.

2022-12-16 Update: A previous version of the bulletin has been revised due to a release regression. Please manually upgrade your node pools to one of the following GKE versions:

• 1.22.16-gke.1300 and later
• 1.23.14-gke.401 and later
• 1.24.7-gke.900 and later
• 1.25.4-gke.1600 and later

The following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node-autoupgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• 1.21.14-gke.9500
• 1.24.7-gke.900

Updates for GKE v1.22, 1.23 and 1.25 will be made available soon. This security bulletin will be updated when they become available.

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

• With CVE-2022-2585, improper cleanup of timers in the posix cpu timer allows a use-after-free exploit depending on how timers are created and deleted.
• With CVE-2022-2588, a use-after-free flaw was found in route4_change in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation.

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

Versions 1.13, 1.12 and 1.11 of Anthos clusters on VMware are affected.

What should I do?

2022-12-16 Update: The following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. We recommend that you upgrade your admin and user clusters to one of the following Anthos clusters on VMware versions:

• 1.13.2
• 1.12.4
• 1.11.6

• Note: Versions of Anthos clusters on VMware that contain Container-Optimized OS patches will be released soon. This security bulletin will be updated when the Anthos clusters on VMware versions are available for download.

What vulnerabilities are addressed by this patch?

• With CVE-2022-2585, improper cleanup of timers in the posix cpu timer allows a use-after-free exploit depending on how timers are created and deleted.
• With CVE-2022-2588, a use-after-free flaw was found in route4_change in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation.

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

The following versions of Kubernetes on AWS may be affected:

• 1.23: Versions older than 1.23.9-gke.800. Newer minor versions are not affected
• 1.22: Versions older than 1.22.12-gke.1100. Newer minor versions are not affected

Kubernetes V1.24 is not affected.

What should I do?

We recommend that you upgrade your clusters to one of the following AWS Kubernetes versions:

• 1.23: a version later than v1.23.9-gke.800
• 1.22: a version later than 1.22.12-gke-1100

What vulnerabilities are being addressed?

With CVE-2022-2585, improper cleanup of timers in the posix cpu timer allows a use-after-free exploit depending on how timers are created and deleted.

With CVE-2022-2588, a use-after-free flaw was found in route4_change in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation.

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

The following versions of Kubernetes on Azure may be affected:

• 1.23: Versions older than 1.23.9-gke.800. Newer minor versions are not affected.
• 1.22: Versions older than 1.22.12-gke.1100. Newer minor versions are not affected.

Kubernetes V1.24 is not affected.

What should I do?

We recommend that you upgrade your clusters to one of the following Azure Kubernetes versions:

• 1.23: a version later than v1.23.9-gke.800
• 1.22: a version later than 1.22.12-gke-1100

What vulnerabilities are being addressed?

With CVE-2022-2585, improper cleanup of timers in the posix cpu timer allows a use-after-free exploit depending on how timers are created and deleted.

With CVE-2022-2588, a use-after-free flaw was found in route4_change in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation.

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

Anthos clusters on bare metal is not affected by this CVE as it does not bundle an operating system in its distribution.

What should I do?

No action required.

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

What should I do?

Google Kubernetes Engine (GKE) doesn't ship with Istio and isn't affected by this vulnerability. However, if you have separately installed Anthos Service Mesh or Istio on your GKE cluster, refer to GCP-2022-020, the Anthos Service Mesh security bulletin on this CVE, for more information.

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh in Anthos clusters on VMware, that allows a malicious attacker to crash the Istio control plane.

What should I do?

The following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. We recommend that you upgrade your admin and user clusters to one of the following Anthos clusters on VMware versions:

• 1.11.4
• 1.12.3
• 1.13.1

What vulnerabilities are addressed by this patch?

With vulnerability CVE-2022-39278, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but doesn't require any authentication from the attacker.

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

What should I do?

Anthos clusters on AWS isn't affected by this vulnerability and no action is required.

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

What should I do?

Anthos on Azure isn't affected by this vulnerability and no action is required.

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh in Anthos clusters on bare metal, that allows a malicious attacker to crash the Istio control plane.

What should I do?

The following versions of Anthos clusters on bare metal have been updated with code to fix this vulnerability. We recommend that you upgrade clusters to one of the following Anthos clusters on bare metal versions:

• 1.11.7
• 1.12.4
• 1.13.1

What vulnerabilities are addressed by this patch?

With vulnerability CVE-2022-39278, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but doesn't require any authentication from the attacker.

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that can lead to local privilege escalation. Google Kubernetes Engine (GKE) v1.22, v1.23, and v1.24 clusters, including Autopilot clusters, using Container-Optimized OS version 93 and 97 are impacted. Other supported GKE versions aren't affected. GKE clusters using GKE Sandbox are unaffected.

What should I do?

2022-12-14 Update: A previous version of the bulletin has been revised due to a release regression. Please manually upgrade your node pools to one of the following GKE versions:

• 1.22.15-gke.2500 and later
• 1.23.13-gke.900 and later
• 1.24.7-gke.900 and later

The following versions of GKE using Container-Optimized OS version 93 and 97 have been updated with code to fix this vulnerability in an upcoming release. For security purposes, even if you have node auto-upgrades enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• 1.22.15-gke.2300 and later
• 1.23.13-gke.700 and later
• 1.24.7-gke.700 and later

A recent feature of release channels lets you apply a patch without having to unsubscribe from a channel. This feature lets you secure your nodes until the new version becomes the default for your release-specific channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-20409, the Linux Kernel has a vulnerability in io_identity_cow of the io_uring subsystem. There's a potential for memory corruption due to a Use-After-Free (UAF) vulnerability. A local attacker could use this memory corruption for denial of service (system crash) or possibly to execute arbitrary code.

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that can lead to local privilege escalation.

What should I do?

2022-12-14 Update: The following versions of Anthos clusters on VMware for Ubuntu have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on VMware versions:

• 1.13.1 and later
• 1.12.3 and later
• 1.11.4 and later

What vulnerabilities are addressed by this patch?

With CVE-2022-20409, the Linux Kernel has a vulnerability in io_identity_cow of the io_uring subsystem. There's a potential for memory corruption due to a Use-After-Free (UAF) vulnerability. A local attacker could use this memory corruption for denial of service (system crash) or possibly to execute arbitrary code.

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege.

What should I do?

There's no action required. Anthos clusters on AWS doesn't use the affected versions of the Linux kernel.

What vulnerabilities are addressed by this patch?

With CVE-2022-20409, the Linux Kernel has a vulnerability in io_identity_cow of the io_uring subsystem. There's a potential for memory corruption due to a Use-After-Free (UAF) vulnerability. A local attacker could use this memory corruption for denial of service (system crash) or possibly to execute arbitrary code.

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege.

What should I do?

There's no action required. Anthos on Azure doesn't use the affected versions of the Linux kernel.

What vulnerabilities are addressed by this patch?

With CVE-2022-20409, the Linux Kernel has a vulnerability in io_identity_cow of the io_uring subsystem. There's a potential for memory corruption due to a Use-After-Free (UAF) vulnerability. A local attacker could use this memory corruption for denial of service (system crash) or possibly to execute arbitrary code.

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that can lead to local privilege escalation.

What should I do?

• There's no action required. Anthos clusters on bare metal isn't affected by this CVE as it doesn't bundle an operating system in its distribution.

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

Google Kubernetes Engine (GKE) v1.21 clusters, including Autopilot clusters, using Container-Optimized OS version 89 are impacted. Later versions of GKE aren't affected. All Linux clusters with Ubuntu are affected. GKE clusters using GKE Sandbox are unaffected.

What should I do?

2023-01-19 Update: Version 1.21.14-gke.14100 is available. Upgrade your node pools to this version or later.

2022-12-15 Update: Version 1.21.14-gke.9400 is pending rollout and may be superseded by a higher version number. We will update this doc when said new version is available.

The following versions of GKE have been updated with code to fix this vulnerability in an upcoming release. For security purposes, even if you have node auto-upgrades enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• Container-Optimized OS:
  • 1.21.14-gke.7100 and later
• Ubuntu:
• 1.21.14-gke.9400 and later
• 1.22.15-gke.2400 and later
• 1.23.13-gke.800 and later
• 1.24.7-gke.800 and later
• 1.25.3-gke.700 and later

A recent feature of release channels lets you apply a patch without having to unsubscribe from a channel. This feature lets you secure your nodes until the new version becomes the default for your release-specific channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-3176, the Linux Kernel has a vulnerability in the io_uring subsystem. Missing POLLFREE handling can lead to Use-After-Free (UAF) exploits that can be used for privilege escalation.

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

What should I do?

• Versions of Anthos clusters on VMware with Container-Optimized OS are unaffected.

2022-11-21 Update: The following versions of Anthos clusters on VMware for Ubuntu have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on VMware versions:

• 1.12.3 and later
• 1.13.1 and later
• 1.11.5 and later

Versions of Anthos clusters on VMware that contain Ubuntu patches will be released soon. This security bulletin will be updated when the Anthos clusters on VMware versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-3176, the Linux Kernel has a vulnerability in the io_uring subsystem. Missing POLLFREE handling can lead to Use-After-Free (UAF) exploits that can be used for privilege escalation.

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

What should I do?

2022-11-21 Update: The following current and previous generation versions of Anthos clusters on AWS have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions:

• 1.21.14-gke.7100
• 1.22.15-gke.100
• 1.23.11-gke.300
• 1.24.5-gke.200

• 1.22.15-gke.1400
• 1.23.12-gke.1400
• 1.24.6-gke.1300

Versions of Anthos clusters on AWS that contain Ubuntu patches will be released soon. This security bulletin will be updated when the Anthos clusters on AWS versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-3176, the Linux Kernel has a vulnerability in the io_uring subsystem. Missing POLLFREE handling can lead to Use-After-Free (UAF) exploits that can be used for privilege escalation.

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

What should I do?

2022-11-21 Update: The following versions of Anthos on Azure have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos on Azure versions:

• 1.21.14-gke.7100
• 1.22.15-gke.100
• 1.23.11-gke.300
• 1.24.5-gke.200

Versions of Anthos on Azure that contain Ubuntu patches will be released soon. This security bulletin will be updated when the Anthos on Azure versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-3176, the Linux Kernel has a vulnerability in the io_uring subsystem. Missing POLLFREE handling can lead to Use-After-Free (UAF) exploits that can be used for privilege escalation.

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

What should I do?

No action required. Anthos clusters on bare metal isn't affected by this CVE as it doesn't bundle an operating system in its distribution.

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

Technical details

GKE clusters, including Autopilot clusters, with Container-Optimized OS (COS) using Linux Kernel version 5.10 are affected. GKE clusters using Ubuntu images or using GKE Sandbox are unaffected.

What should I do?

Upgrade your GKE clusters to a version that includes the fix. The Linux node images for COS have been updated along with GKE versions using those COS versions.

For security purposes, even if you have the node autoupgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

COS versions

• 1.22.12-gke.300

• 1.23.8-gke.1900

• 1.24.2-gke.1900

What vulnerabilities are addressed by this patch?

• CVE-2022-2327

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

Clusters with a Container Optimized OS (COS) image using Anthos clusters on VMware versions 1.10, 1.11, and 1.12 are affected.

What should I do?

2022-09-14 Update: The following versions of Anthos clusters on VMware contain code that fixes this vulnerability.

• 1.10.6 or later
• 1.11.3 or later
• 1.12.1 or later

Versions of Anthos clusters on VMware that contain patches will be released soon. This security bulletin will be updated when the Anthos clusters on VMware versions are available for download.

What vulnerabilities are addressed by this patch?

• CVE-2022-2327

With CVE-2022-2327, the Linux kernel in version 5.10 has a vulnerability in the io_uring subsystem where various requests are missing item types (flags). Using these requests without the proper item types specified can cause privilege escalation to root.

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

What should I do?

2022-09-14 Update: The following current and previous generation versions of Anthos clusters on AWS have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions:

Current generation

• 1.23.8-gke.1700
• 1.22.12-gke.200
• 1.21.14-gke.2100

Previous generation

• 1.23.8-gke.2000
• 1.22.12-gke.300
• 1.21.14-gke.2100

Versions of Anthos clusters on AWS that contain patches will be released soon. This security bulletin will be updated when the Anthos clusters on AWS versions are available for download.

What vulnerabilities are addressed by this patch?

• CVE-2022-2327

With CVE-2022-2327, the Linux kernel in version 5.10 has a vulnerability in the io_uring subsystem where various requests are missing item types (flags). Using these requests without the proper item types specified can cause privilege escalation to root.

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

What should I do?

2022-09-14 Update: The following versions of Anthos on Azure have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos on Azure versions:

• 1.23.8-gke.1700
• 1.22.12-gke.200
• 1.21.14-gke.2100

Versions of Anthos on Azure that contain patches will be released soon. This security bulletin will be updated when the Anthos on Azure versions are available for download.

What vulnerabilities are addressed by this patch?

• CVE-2022-2327

With CVE-2022-2327, the Linux kernel in version 5.10 has a vulnerability in the io_uring subsystem where various requests are missing item types (flags). Using these requests without the proper item types specified can cause privilege escalation to root.

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

What should I do?

There is no action required. Anthos on bare metal is not affected by this CVE as it does not bundle an operating system in its distribution.

2022-11-22 update: Workloads using GKE Sandbox are not affected by these vulnerabilities.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected.

What should I do?

The versions of Linux node images for Container-Optimized OS for the following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node-autoupgrade enabled, we recommend that you manually upgrade your node pools to one of the following upcoming GKE versions:

• 1.22.10-gke.600
• 1.23.7-gke.1400
• 1.24.1-gke.1400

A recent release channels feature allows you to apply a patch without having to unsubscribe from a channel. This lets you upgrade your nodes to the patched version before that version becomes the default in your selected release channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-1786, a use-after-free flaw was found in the Linux kernel's io_uring subsystem. If a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on the ring, a local user can crash or escalate their privileges on the system.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node.

What should I do?

2022-07-21 Update: The following versions of Anthos clusters on VMware contain code that fixes this vulnerability.

COS

• 1.10.5 or later
• 1.11.2 or later
• 1.12.0 or later

Ubuntu

There is no action required. Anthos clusters on VMware does not use the affected versions of the Linux kernel.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node.

What should I do?

There is no action required. Anthos clusters on AWS does not use the affected versions of the Linux kernel.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node.

What should I do?

There is no action required. Anthos on Azure does not use the affected versions of the Linux kernel.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node.

What should I do?

There is no action required. Anthos on bare metal is not affected by this CVE as it does not bundle an operating system in its distribution.

2022-11-22 update: Autopilot clusters are not affected by CVE-2022-29581 but are vulnerable to CVE-2022-29582 and CVE-2022-1116.

2022-07-29 update: Pods using GKE Sandbox are not vulnerable to these vulnerabilities.

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected.

What should I do?

The versions of Linux node images for both Container-Optimized OS and Ubuntu for the following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• Container-Optimized OS:
  • 1.19.16-gke.13800
  • 1.20.15-gke.8000
  • 1.21.12-gke.1500
  • 1.22.9-gke.1300
  • 1.23.6-gke.1500
  • 1.24.1-gke.1400
• Ubuntu:
  • 1.20.15-gke.9600
  • 1.21.13-gke.900
  • 1.22.10-gke.600
  • 1.23.7-gke.1400
  • 1.24.1-gke.1400

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you upgrade your nodes to the patched version before that version becomes the default in your selected release channel.

What vulnerabilities are addressed by this patch?

With CVE-2022-29582, the Linux kernel in versions prior to 5.17.3 has a use-after-free due to a race condition in io_uring timeouts.

CVE-2022-29581 and CVE-2022-1116 are vulnerabilities where a local attacker can cause memory corruption in io_uring or net/sched in the Linux kernel to escalate privileges to root.

2022-07-29 Update: The following versions of Anthos clusters on VMware contain code that fixes these vulnerabilities.

• 1.9.7 or later
• 1.10.5 or later
• 1.11.2 or later
• 1.12.0 or later

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. These vulnerabilities affect Anthos clusters on VMware v1.9 and later for Container-Optimized OS and Ubuntu images.

What should I do?

Versions of Anthos clusters on VMware that contain patches will be released soon. This security bulletin will be updated when the Anthos clusters on VMware versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-29582, the Linux kernel in versions prior to 5.17.3 has a use-after-free due to a race condition in io_uring timeouts.

CVE-2022-29581 and CVE-2022-1116 are vulnerabilities where a local attacker can cause memory corruption in io_uring or net/sched in the Linux kernel to escalate privileges to root.

2022-07-29 Update: Update: The following current and previous generation versions of Anthos clusters on AWS have been updated with code to fix these vulnerabilities. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions:

Current generation:

• 1.23.7-gke.1300
• 1.22.10-gke.1500
• 1.21.11-gke.1900

• 1.23.7-gke.1500
• 1.22.10-gke.1500
• 1.21.13-gke.1600

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. These vulnerabilities affect all versions of Anthos clusters on AWS.

What should I do?

Versions of Anthos clusters on AWS that contain patches will be released soon. This security bulletin will be updated when the Anthos clusters on AWS versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-29582, the Linux kernel in versions prior to 5.17.3 has a use-after-free due to a race condition in io_uring timeouts.

CVE-2022-29581 and CVE-2022-1116 are vulnerabilities where a local attacker can cause memory corruption in io_uring or net/sched in the Linux kernel to escalate privileges to root.

2022-07-29 Update: Update: The following versions of Anthos on Azure have been updated with code to fix these vulnerabilities. We recommend that you upgrade your nodes to one of the following Anthos on Azure versions:

• 1.23.7-gke.1300
• 1.22.10-gke.1500
• 1.21.11-gke.1900

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. These vulnerabilities affect all versions of Anthos on Azure.

What should I do?

Versions of Anthos on Azure that contain patches will be released soon. This security bulletin will be updated when the Anthos on Azure versions are available for download.

What vulnerabilities are addressed by this patch?

With CVE-2022-29582, the Linux kernel in versions prior to 5.17.3 has a use-after-free due to a race condition in io_uring timeouts.

CVE-2022-29581 and CVE-2022-1116 are vulnerabilities where a local attacker can cause memory corruption in io_uring or net/sched in the Linux kernel to escalate privileges to root.

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node.

What should I do?

There is no action required. Anthos on bare metal is not affected by this vulnerability as it does not bundle an operating system in its distribution.

2022-11-22 update: GKE Autopilot clusters and workloads running in GKE Sandbox are unaffected by these vulnerabilities.

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu).

Technical details

In CVE-2022-1055, an attacker can exploit use-after-free in tc_new_tfilter() which allows a local attacker in the container to escalate privileges to root on node.

In CVE-2022-27666, buffer overflow in esp/esp6_output_head allows a local attacker in the container to escalate privileges to root on the node.

What should I do?

The versions of Linux node images for the following versions of GKE have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following upcoming GKE versions:

• 1.19.16-gke.11000 and later
• 1.20.15-gke.5200 and later
• 1.21.11-gke.1100 and later
• 1.22.8-gke.200 and later
• 1.23.5-gke.1500 and later

What vulnerabilities are addressed by this patch?

• CVE-2022-1055
• CVE-2022-27666

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu).

Technical details

In CVE-2022-1055, an attacker can exploit use-after-free in tc_new_tfilter() which allows a local attacker in the container to escalate privileges to root on node.

In CVE-2022-27666, buffer overflow in esp/esp6_output_head allows a local attacker in the container to escalate privileges to root on the node.

What should I do?

Upgrade your cluster to a patched version. The following Anthos clusters on VMware versions or newer contain the fix for this vulnerability:

• 1.9.6 (upcoming)
• 1.10.3
• 1.11.0 (upcoming)

What vulnerabilities are addressed by this patch?

• CVE-2022-1055
• CVE-2022-27666

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu).

Technical details

In CVE-2022-1055, an attacker can exploit use-after-free in tc_new_tfilter() which allows a local attacker in the container to escalate privileges to root on node.

In CVE-2022-27666, buffer overflow in esp/esp6_output_head allows a local attacker in the container to escalate privileges to root on the node.

What should I do?

2022-05-12 Update: The following current and previous generation versions of Anthos clusters on AWS have been updated with code to fix these vulnerabilities. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions:

• 1.21.11-gke.1100
• 1.22.8-gke.1300

• 1.20.15-gke.5200
• 1.21.11-gke.1100
• 1.22.8-gke.1300

Upgrade your cluster to a patched version. Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerabilities are addressed by this patch?

• CVE-2022-1055
• CVE-2022-27666

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu).

Technical details

In CVE-2022-1055, an attacker can exploit use-after-free in tc_new_tfilter() which allows a local attacker in the container to escalate privileges to root on node.

In CVE-2022-27666, buffer overflow in esp/esp6_output_head allows a local attacker in the container to escalate privileges to root on the node.

What should I do?

2022-05-12 Update: The following versions of Anthos on Azure have been updated with code to fix these vulnerabilities. We recommend that you upgrade your nodes to one of the following Anthos on Azure versions:

• 1.21.11-gke.1100
• 1.22.8-gke.1300

Upgrade your cluster to a patched version. Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerabilities are addressed by this patch?

• CVE-2022-1055
• CVE-2022-27666

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu).

Technical details

In CVE-2022-1055, an attacker can exploit use-after-free in tc_new_tfilter() which allows a local attacker in the container to escalate privileges to root on node.

In CVE-2022-27666, buffer overflow in esp/esp6_output_head allows a local attacker in the container to escalate privileges to root on the node.

What should I do?

There is no action required. Anthos on bare metal is not affected by this CVE as it does not include Linux as part of its package. You should ensure that the node images you use are updated to versions that contain the fix for CVE-2022-1055 and CVE-2022-27666.

What vulnerabilities are addressed by this patch?

• CVE-2022-1055
• CVE-2022-27666

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). This vulnerability affects all GKE node operating systems (Container-Optimized OS and Ubuntu) which use containerd by default. All GKE, Autopilot, and GKE Sandbox nodes are affected.

What should I do?

The versions of Linux node images for the following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node-autoupgrade enabled, we recommend that you manually upgrade your nodes to one of the following GKE versions:

• 1.19.16-gke.9400
• 1.20.15-gke.3600
• 1.21.10-gke.1500
• 1.22.7-gke.1500
• 1.23.4-gke.1500

A recent feature of release channels allows you to apply a patch without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your specific release channel.

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). This vulnerability affects all Anthos clusters on VMware with stackdriver enabled, which uses containerd. Anthos clusters on VMware versions 1.8, 1.9, and 1.10 are affected

What should I do?

2022-04-22 Update: The following versions of Anthos clusters on VMware contain code that fixes this vulnerability.

• 1.9.5 or later
• 1.10.3 or later
• 1.11.0 or later

The following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on VMware versions:

• 1.8.8 or later
• 1.9.5 or later
• 1.10.2 or later

This CVE can be mitigated by setting IgnoreImageDefinedVolumes to true.

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). All Anthos clusters on AWS versions are affected.

What should I do?

The following versions of Anthos clusters on AWS have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos clusters on AWS versions.

Anthos clusters on AWS (current generation)

• Version 1.22: 1.22.8-gke.200
• Version 1.21: 1.21.11-gke.100

Anthos clusters on AWS (previous generation)

• Version 1.22: 1.22.8-gke.300
• Version 1.21: 1.21.11-gke.100
• Version 1.20: 1.20.15-gke.2200

This CVE can be mitigated by setting IgnoreImageDefinedVolumes to true.

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). All Anthos on Azure versions are affected.

What should I do?

The following versions of Anthos on Azure have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes as follows:

• Version 1.22: 1.22.8-gke.200
• Version 1.21: 1.21.11-gke.100

This CVE can be mitigated by setting IgnoreImageDefinedVolumes to true.

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). This vulnerability affects all Anthos on bare metal which use containerd. Anthos on bare metal versions 1.8, 1.9, and 1.10 are affected

What should I do?

2022-04-22 Update: The following versions of Anthos on bare metal contain code that fixes this vulnerability.

• 1.8.9 or later
• 1.9.6 or later
• 1.10.3 or later
• 1.11.0 or later

The following versions of Anthos on bare metal have been updated with code to fix this vulnerability. We recommend that you upgrade your nodes to one of the following Anthos on bare metal versions:

• 1.8.8 or later
• 1.9.5 or later
• 1.10.2 or later

This CVE can be mitigated by setting IgnoreImageDefinedVolumes to true.

2022-11-22 update: Workloads using GKE Sandbox are not affected by these vulnerabilities.

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects all GKE node pool versions v1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later). GKE node pools that use the Ubuntu OS are not affected.

What should I do?

The versions of Linux node images for the following versions of GKE have been updated with code to fix this vulnerability. For security purposes, even if you have node-autoupgrade enabled, we recommend that you manually upgrade your node pools to one of the following GKE versions:

• 1.22.7-gke.1500 and later
• 1.23.4-gke.1600 and later

A recent feature of release channels allows you to apply a patch version of other release channels without having to unsubscribe from a channel. This lets you secure your nodes until the new version becomes the default for your release specific channel.

What vulnerabilities are addressed by this patch?

CVE-2022-0847 relates to the PIPE_BUF_FLAG_CAN_MERGE flag that was introduced in version 5.8 of the Linux kernel. In this vulnerability, the "flags" member of the new pipe buffer structure was lacking proper initialization in the Linux kernel. An unprivileged local attacker can use this flaw to write to pages in the page cache backed by read only files and escalate their privileges.

New versions of Container-Optimized OS that fix this issue have been integrated into the updated node pool versions of GKE.

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate privileges to root. This vulnerability affects Anthos clusters on VMware v1.10 for Container-Optimized OS images. Currently, Anthos clusters on VMware with Ubuntu is on kernel version 5.4 and is not vulnerable to this attack.

What should I do?

The versions of Linux node images for the following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. We recommend that you upgrade your admin and user clusters to the following Anthos clusters on VMware version:

• 1.10.3

What vulnerabilities are addressed by this patch?

CVE-2022-0847 relates to the PIPE_BUF_FLAG_CAN_MERGE flag that was introduced in version 5.8 of the Linux kernel. In this vulnerability, the "flags" member of the new pipe buffer structure was lacking proper initialization in the Linux kernel. An unprivileged local attacker can use this flaw to write to pages in the page cache backed by read only files and escalate their privileges.

New versions of Container-Optimized OS that fix this issue have been integrated into the updated versions of Anthos clusters on VMware.

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate privileges to root.

This vulnerability affects managed clusters of Anthos clusters on AWS v1.21 and clusters running on Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu.

What should I do?

The versions of Linux node images for the following versions of Anthos clusters on AWS have been updated with code to fix this vulnerability.

For managed Anthos clusters on AWS, we recommend that you upgrade your user clusters and nodepool to one of the following versions:

• 1.21.11-gke.100

For k-lite Anthos clusters on AWS, we recommend that you upgrade your AWSManagementService, AWSCluster and AWSNodePool objects to the following version:

• 1.21.11-gke.100
• 1.20.15-gke.2200

What vulnerabilities are addressed by this patch?

CVE-2022-0847 relates to the PIPE_BUF_FLAG_CAN_MERGE flag that was introduced in version 5.8 of the Linux kernel. In this vulnerability, the "flags" member of the new pipe buffer structure was lacking proper initialization in the Linux kernel. An unprivileged local attacker can use this flaw to write to pages in the page cache backed by read only files and escalate their privileges.

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate privileges to root. This vulnerability affects managed clusters of Anthos on Azure v1.21 which use Ubuntu.

What should I do?

The versions of Linux node images for the following versions of Anthos on Azure have been updated with code to fix this vulnerability. We recommend that you upgrade your user clusters and nodepool to the following version:

• 1.21.11-gke.100

What vulnerabilities are addressed by this patch?

CVE-2022-0847 relates to the PIPE_BUF_FLAG_CAN_MERGE flag that was introduced in version 5.8 of the Linux kernel. In this vulnerability, the "flags" member of the new pipe buffer structure was lacking proper initialization in the Linux kernel. An unprivileged local attacker can use this flaw to write to pages in the page cache backed by read only files and escalate their privileges.

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate privileges to root.

What should I do?

There is no action required. Anthos on bare metal is not affected by this CVE as it does not include Linux as part of its package. You should ensure that the node images you use are updated to versions that contain the fix for CVE-2022-0847.

Update 2022-08-11: Added more information about the Simultaneous Multi-Threading (SMT) configuration. SMT was intended to be disabled, but was enabled on the versions listed.

If you manually enabled SMT for a sandboxed node pool, SMT will remain manually enabled despite this issue.

There is a misconfiguration with Simultaneous Multi-Threading (SMT), also known as Hyper-threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see GKE Sandbox documentation). We do not recommend using the following affected versions:

• 1.22.4-gke.1501
• 1.22.6-gke.300
• 1.23.2-gke.300
• 1.23.3-gke.600

If you manually enabled SMT for a node pool, then this issue does not affect your sandboxed nodes.

What should I do?

Upgrade your nodes to one of the following versions:

• 1.22.6-gke.1500 and later
• 1.23.3-gke.1100 and later

What vulnerability is addressed by this patch?

GKE Sandbox nodes have SMT disabled by default, mitigating side-channel attacks.

Update 2022-03-15: Added hardening guides for Anthos clusters on AWS (GKE on AWS) and Anthos on Azure. Added a section on persistence using webhooks.

Some unexpected paths to access the node VM on GKE Autopilot clusters could have been used to escalate privileges in the cluster. These issues have been fixed and no further action is required. The fixes address issues reported through our Vulnerability Reward Program.

GKE Standard and Anthos clusters users can optionally apply a similar hardening policy as described below.

Technical details

Host access using third party policy exemptions

In order to allow Google Cloud to offer full management of nodes, and a Pod-level SLA, GKE Autopilot restricts some highly privileged Kubernetes primitives to limit workloads from having low-level access to the node VM. To set this in context: GKE Standard presents full access to the underlying compute, Autopilot presents limited access, and Cloud Run presents no access.

Autopilot relaxes some of those restrictions for a predefined list of third party tools to allow customers to run those tools on Autopilot without modification. Using privileges to create pods with host path mounts, the researcher was able to run a privileged container in a pod that looked like one of these allowlisted third party tools to gain access to the host.

The ability to schedule pods in this way is expected on GKE Standard, but not on GKE Autopilot, as it bypassed the host-access restrictions used to enable the SLA described previously.

This issue was fixed by tightening the third party allow-listing pod specification.

Privilege escalation from root-on-node

In addition to the host access, the stackdriver-metadata-agent-cluster-level and the metrics-server pods were identified as highly privileged. After gaining root-level access to the node, these services could be used to gain further control over the cluster.

We have deprecated and removed the stackdriver-metadata-agent for both GKE Standard and Autopilot. This component is still in use on Anthos clusters on VMware and Anthos on bare metal.

As a system hardening measure to prevent this type of attack in the future, we'll apply an Autopilot constraint in an upcoming release that prevents updates to the service account of various objects in the kube-system namespace. We developed a Gatekeeper policy for you to apply similar protection to GKE Standard clusters and Anthos clusters to prevent privileged workload self-modification. This policy is applied automatically for Autopilot clusters. For instructions, refer to the following hardening guides:

• GKE Standard
• Anthos clusters on VMware
• Anthos on bare metal
• Update 2022-03-15: Anthos clusters on AWS
• Update 2022-03-15: Anthos on Azure

Addition 2022-03-15: Persistence using mutating webhooks

Mutating webhooks were used in the report to establish a privileged foothold in the cluster post-compromise. These are standard parts of the Kubernetes API created by cluster admins, and were made visible to administrators when Autopilot added support for customer-defined webhooks.

Privileged service accounts in the default namespace

Autopilot policy enforcers previously allowlisted two service accounts in the default namespace: csi-attacher and otelsvc to give the service accounts special privileges. An attacker with high privileges, including permissions to create ClusterRoleBinding objects and with access to create pods in the default namespace, could use these service account names to access those additional privileges. These services were moved under the kube-system namespace to get the protection of existing Autopilot policy. GKE Standard clusters and Anthos clusters are unaffected.

What should I do?

All GKE Autopilot clusters have had their policies updated to remove the unintended host access and no further action is required.

Further policy hardening will be applied to Autopilot in the coming weeks as a secondary protection. No action is required.

GKE Standard clusters and Anthos clusters are unaffected as users already have access to the host. As a system hardening measure, GKE Standard clusters and Anthos clusters users can apply similar protection with a Gatekeeper policy that prevents privileged workload self-modification. For instructions, refer to the following hardening guides:

• GKE Standard
• Anthos clusters on VMware
• Anthos on bare metal
• Update 2022-03-15: Anthos clusters on AWS
• Update 2022-03-15: Anthos on Azure

What should I do?

• If you're using Anthos Service Mesh 1.12, upgrade to v1.12.4-asm.0.
• If you're using Anthos Service Mesh 1.11, upgrade to v1.11.7-asm.1.
• If you're using Anthos Service Mesh 1.10, upgrade to v1.10.6-asm.1.

• If you're using Istio-on-GKE 1.6, upgrade to v1.6.14-gke.8.
• If you're using Istio-on-GKE 1.4.11, upgrade to v1.4.11-gke.4.
• If you're using Istio-on-GKE 1.4.10, upgrade to v1.4.10-gke.23.
• If you are using GKE 1.22 or higher, please use Istio GKE 1.4.10. Otherwise, use Istio-on-GKE 1.4.11.

What vulnerabilities are addressed by this patch?

• CVE-2021-43824 (CVSS score 6.5, Medium): Potential null pointer dereference when using JWT filter safe_regex match.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use JWT filter regex.
• CVE-2021-43825 (CVSS score 6.1, Medium): Use-after-free when response filters increase response data, and increased data exceeds downstream buffer limits.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a decompress filter.
• CVE-2021-43826 (CVSS score 6.1, Medium): Use-after-free when tunneling TCP over HTTP, if downstream disconnects during upstream connection establishment.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a tunneling filter.
• CVE-2022-21654 (CVSS score 7.3, High): Incorrect configuration handling allows mTLS session reuse without re-validation after validation settings have changed.
  Note: All ASM/Istio-on-GKE services using mTLS are impacted by this CVE.
• CVE-2022-21655 (CVSS score 7.5, High): Incorrect handling of internal redirects to routes with a direct response entry.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a direct response filter.
• CVE-2022-23606 (CVSS score 4.4, Medium): Stack exhaustion when a cluster is deleted via Cluster Discovery Service.
  Note: ASM 1.11+ are impacted by this CVE. ASM 1.10 and All Istio-on-GKE are not impacted by this CVE.
• CVE-2022-21657 (CVSS Score 3.1, Low): Envoy through 1.20.1 contains a remotely exploitable vulnerability due to X.509 Extended Key Usage and Trust Purposes bypass.
• CVE-2022-21656 (CVSS Score 3.1, Low): Envoy through 1.20.1 contains a remotely exploitable vulnerability due to X.509 subjectAltName matching (and nameConstraints) bypass.

Istio recently released one security vulnerability fix. Anthos on VMware is impacted because Istio is used for ingress. The Istio CVEs we are fixing are listed below. We will update this bulletin with specific versions when they're available:

2022-04-28 Addition: What should I do?

The following versions of Anthos clusters on VMware fix these vulnerabilities:

• 1.9.5
• 1.10.3
• 1.11.0

What vulnerabilities are addressed by this patch?

• CVE-2021-43824 (CVSS score 6.5, Medium): Potential null pointer dereference when using JWT filter safe_regex match.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use JWT filter regex.
• CVE-2021-43825 (CVSS score 6.1, Medium): Use-after-free when response filters increase response data, and increased data exceeds downstream buffer limits.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a decompress filter.
• CVE-2021-43826 (CVSS score 6.1, Medium): Use-after-free when tunneling TCP over HTTP, if downstream disconnects during upstream connection establishment.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a tunneling filter.
• CVE-2022-21654 (CVSS score 7.3, High): Incorrect configuration handling allows mTLS session reuse without re-validation after validation settings have changed.
  Note: All ASM/Istio-on-GKE services using mTLS are impacted by this CVE.
• CVE-2022-21655 (CVSS score 7.5, High): Incorrect handling of internal redirects to routes with a direct response entry.
  Note: Although ASM/Istio-on-GKE do not support Envoy filters, you could be impacted if you use a direct response filter.
• CVE-2022-23606 (CVSS score 4.4, Medium): Stack exhaustion when a cluster is deleted via Cluster Discovery Service.
  Note: ASM 1.11+ are impacted by this CVE. ASM 1.10 and All Istio-on-GKE are not impacted by this CVE.
• CVE-2022-21657 (CVSS Score 3.1, Low): Envoy through 1.20.1 contains a remotely exploitable vulnerability due to X.509 Extended Key Usage and Trust Purposes bypass.
• CVE-2022-21656 (CVSS Score 3.1, Low): Envoy through 1.20.1 contains a remotely exploitable vulnerability due to X.509 subjectAltName matching (and nameConstraints) bypass.

• CVE-2022-23635 (CVSS score 7.5, High): Istiod crashes upon receiving requests with a specially crafted `authorization` header.
  Note: All ASM/Istio-on-GKE are impacted by this CVE.

What vulnerabilities are addressed by this patch?

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout.

What should I do?

2022-05-16 Update: In addition to the GKE versions mentioned in the 2022-05-12 update, GKE version 1.19.16-gke.7800 or later also contains code that fixes this vulnerability.

2022-05-12 Update: The following versions of GKE contain code that fixes this vulnerability:

• 1.20.15-gke.5600 or later
• 1.21.11-gke.1500 or later
• 1.22.8-gke.1800 or later
• 1.23.5-gke.1800 or later

The vulnerability is found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function and can be used as a container breakout. GKE is unaffected due to protection from the default AppArmor profile on Ubuntu and COS. However, some customers may still be vulnerable if they have loosened security restrictions on pods through modification of the Pod or container securityContext field e.g. by disabling/changing the AppArmor profile, which is not recommended. In addition to the default AppArmor profile, these features also protect against the vulnerability:

• GKE Autopilot is unaffected due to the default seccomp profile.
• Update 2022-02-15: gVisor (GKE Sandbox) is unaffected as gVisor doesn't allow access to the vulnerable system call on the host.

Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerability is addressed by this patch?

CVE-2022-0492

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout.

What should I do?

2022-05-12 Update: The following versions of Anthos clusters on VMware contain code that fixes this vulnerability.

• 1.8.8 or later
• 1.9.5 or later
• 1.10.2 or later
• 1.11.0 or later

• 1.9.6 or later
• 1.10.3 or later
• 1.11.0 or later

The vulnerability is found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function and can be used as a container breakout. Anthos clusters on VMware are unaffected due to protection from the default AppArmor profile on Ubuntu and COS. However, some customers may still be vulnerable if they have loosened security restrictions on pods through modification of the Pod or container securityContext field e.g. by disabling/changing the AppArmor profile, which is not recommended.

Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerability is addressed by this patch?

CVE-2022-0492

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout.

What should I do?

2022-05-12 Update: The following versions of current and previous generation Anthos clusters on AWS contain code that fixes this vulnerability:

• 1.21.11-gke.1100
• 1.22.8-gke.1300

• 1.22.8-gke.1300
• 1.21.11-gke.1100
• 1.20.15-gke.5200

Update 2022-02-23: Added note for Anthos clusters on AWS.

Anthos clusters on AWS previous and current generations are unaffected due to protection from the default AppArmor profile on Ubuntu. However, some customers may still be vulnerable if they have loosened security restrictions on pods through modification of the Pod or container securityContext field e.g. by disabling/changing the AppArmor profile, which is not recommended.

Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerability is addressed by this patch?

CVE-2022-0492

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout.

What should I do?

2022-05-12 Update: The following versions of Anthos on Azure contain code that fixes this vulnerability:

• 1.21.11-gke.1100
• 1.22.8-gke.1300

Anthos on Azure are unaffected due to protection from the default AppArmor profile on Ubuntu. However, some customers may still be vulnerable if they have loosened security restrictions on pods through modification of the Pod or container securityContext field e.g. by disabling/changing the AppArmor profile, which is not recommended.

Patches will be available in an upcoming release. This bulletin will be updated when they are available.

What vulnerability is addressed by this patch?

CVE-2022-0492

• 1.20.15-gke.300
• 1.21.9-gke.300
• 1.22.6-gke.1000

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how NSS is used/configured. Both GKE COS and Ubuntu images have a vulnerable version installed, and need to be patched.

Potentially, CVE-2021-43527 can have a wide impact across applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS#7, or PKCS#12. As well as applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted. Impact depends on how NSS is used/configured.

GKE doesn't use libnss3 for any Internet-accessible APIs. The impact is limited to on-host code running outside containers, which is small due to the minimal design of Chrome OS. GKE code running inside containers using the golang distroless base image is unaffected.

What should I do?

The versions of Linux node images for the following versions of GKE have been updated with code to fix these vulnerabilities. Upgrade your control plane and nodes to one of the following GKE versions:

• 1.18 version to be determined
• 1.19.16-gke.6100
• 1.20.15-gke.200
• 1.21.9-gke.200
• 1.22.6-gke.600
• 1.23.3-gke.500

What vulnerability is addressed by this patch?

CVE-2021-43527

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Both Anthos clusters on VMware COS and Ubuntu images have a vulnerable version installed, and need to be patched.

Potentially, CVE-2021-43527 can have a wide impact across with applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12. As well as applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted. Impact depends on how they configure/use NSS. Anthos on VMware doesn't use libnss3 for any publicly accessible APIs, therefore the impact is limited and this CVE's severity for Anthos clusters on VMware is rated as Medium.

What should I do?

The versions of Linux node images for the following versions of Anthos have been updated with code to fix these vulnerabilities. Upgrade your control plane and nodes to one of the following Anthos versions:

• 1.8.7
• 1.9.4
• 1.10.2

Are you using an Anthos clusters on VMware version older than 1.18? You are using an Anthos version out of SLA and should consider upgrading to one of the supported versions.

What vulnerability is addressed by this patch?

CVE-2021-43527

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how NSS is used/configured. Anthos clusters on Azure Ubuntu images have a vulnerable version installed, and need to be patched.

Potentially, CVE-2021-43527 can have a wide impact across with applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS#7, or PKCS#12. As well as applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted. Impact depends on how they configure/use NSS. Anthos clusters on Azure doesn't use libnss3 for any publicly accessible APIs, therefore the impact is limited and this CVE's severity for Anthos on Azure is rated as Medium.

What should I do?

The versions of Linux node images for the following versions of Anthos on Azure have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following Anthos on Azure versions:

• v1.21.6-gke.1500

What vulnerability is addressed by this patch?

CVE-2021-43527

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services etc, as governed by a policy.

What should I do?

GKE is unaffected because the vulnerable module, policykit-1, is not installed on COS or Ubuntu images used in GKE. No action is required.

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services etc, as governed by a policy.

The Anthos default configuration already gives users full "sudo" privileges, so this exploit does not change Anthos existing security posture

Technical details

For this bug to be exploitable, an attacker needs both a non-root shell on the node filesystem and to have the vulnerable version of pkexec installed. While Anthos clusters on VMware does include a version of policykit-1 in its release images, the Anthos default configuration allows passwordless sudo to anyone with shell access already, so this vulnerability does not give a user any more privileges than they already have.

What should I do?

No action is required. Anthos clusters on VMware is unaffected.

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services etc, as governed by a policy.

The Anthos default configuration already gives users full "sudo" privileges, so this exploit does not change Anthos existing security posture

Technical details

For this bug to be exploitable, an attacker needs both a non-root shell on the node filesystem and to have the vulnerable version of pkexec installed. While Anthos on Azure does include a version of policykit-1 in its release images, the Anthos default configuration allows passwordless sudo to anyone with shell access already, so this vulnerability does not give a user any more privileges than they already have.

What should I do?

No action is required. Anthos on Azure is unaffected.

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure.

Pods using GKE Sandbox are not vulnerable to these vulnerabilities.

See the COS release notes for more details.

Technical details

In CVE-2021-4154, an attacker can exploit the fsconfig system call parameter to trigger a use-after-free bug in the linux kernel, resulting in getting root privileges. This is a local privilege escalation attack that will lead to a container breakout.

CVE-2021-22600 is a double free exploit in packet_set_ring that can lead to a container escape to the host node.

With CVE-2022-0185, a heap overflow bug in legacy_parse_param() may lead to an out-of-bounds write that will cause a container breakout.

The exploitation path for this vulnerability that relies on the "unshare" syscall is blocked on GKE Autopilot clusters by default using seccomp filtering.

Users who have manually enabled the default container runtime seccomp profile on GKE Standard clusters are also protected.

What should I do?

2022-03-07 Update:The versions of Linux node images for the following versions of GKE have been updated with code to fix all these vulnerabilities for both Ubuntu and COS images. Upgrade your control plane and nodes to one of the following GKE versions.

• 1.18.20-gke.6101
• 1.19.16-gke.8300
• 1.20.15-gke.2500
• 1.21.10-gke.400
• 1.22.7-gke.900
• 1.23.3-gke.1100

2022-02-25 Update:If you use Ubuntu node images, 1.22.6-gke.1000 does not address CVE-2021-22600. We will update this bulletin with Ubuntu patch versions when they are available.

2022-02-23 Update: The versions of Linux node images for the following versions of GKE have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following GKE versions.

• 1.18.20-gke.6101
• 1.22.6-gke.1000
• 1.23.3-gke.1100

2022-02-04 Update: The rollout start date for GKE patch versions was February 2.

The versions of Linux node images for the following versions of GKE have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following GKE versions.

• 1.19.16-gke.6100
• 1.20.15-gke.300
• 1.21.9-gke.300

1.22 and 1.23 versions are also in progress. We will update this bulletin with specific versions when they're available.

What vulnerability is addressed by this patch?

• CVE-2021-4154
• CVE-2021-22600
• CVE-2022-0185

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure.

See the COS release notes for more details.

Technical details

In CVE-2021-4154, an attacker can exploit the fsconfig system call parameter to trigger a use-after-free bug in the linux kernel, resulting in getting root privileges. This is a local privilege escalation attack that will lead to a container breakout.

CVE-2021-22600 is a double free exploit in packet_set_ring that can lead to a container escape to the host node.

With CVE-2022-0185, a heap overflow bug in legacy_parse_param() may lead to an out-of-bounds write that will cause a container breakout.

Users who have manually enabled the default container runtime seccomp profile on GKE Standard clusters are also protected.

What should I do?

2022-02-23 Update: version 1.10.2 (Fixes CVE-2021-22600, CVE-2021-4154, and CVE-2022-0185) is now scheduled for March 1.

2022-02-23 Update: Added patched versions addressing CVE-2021-2260.

Version 1.10.1 does not address CVE-2021-22600 but does address the other vulnerabilities. Versions 1.9.4 and 1.10.2, both unreleased, will address CVE-2021-22600. The versions of Linux node images for the following versions of Anthos clusters on VMware have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following Anthos clusters on VMware versions:

• 1.10.1 (Fixes CVE-2021-4154 and CVE-2022-0185. Released February 10)
• 1.8.7 (Fixes CVE-2021-22600, CVE-2021-4154, and CVE-2022-0185. Released February 17)
• 1.9.4 (Fixes CVE-2021-22600, CVE-2021-4154, and CVE-2022-0185. Released February 23)
• 1.10.2 (Fixes CVE-2021-22600, CVE-2021-4154, and CVE-2022-0185. Scheduled for February 24)

2022-02-04 Update: Added information about Ubuntu images not addressing CVE-2021-22600.

The versions of Linux node images for the following versions of Anthos clusters on VMware have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following Anthos clusters on VMware versions:

• 1.10.1 (COS update only. Ubuntu patch will be in 1.10.2-scheduled for February 23)
• 1.9.4 (scheduled for February 15)
• 1.8.7 (scheduled for February 15)

What vulnerability is addressed by this patch?

• CVE-2021-4154
• CVE-2021-22600
• CVE-2022-0185

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure.

See the COS release notes for more details.

Technical details

In CVE-2021-4154, an attacker can exploit the fsconfig system call parameter to trigger a use-after-free bug in the linux kernel, resulting in getting root privileges. This is a local privilege escalation attack that will lead to a container breakout.

CVE-2021-22600 is a double free exploit in packet_set_ring that can lead to a container escape to the host node.

With CVE-2022-0185, a heap overflow bug in legacy_parse_param() may lead to an out-of-bounds write that will cause a container breakout.

Users who have manually enabled the default container runtime seccomp profile on GKE Standard clusters are also protected.

What should I do?

Anthos clusters on AWS

The versions of Linux node images for the following versions of Anthos clusters on AWS have been updated with code to fix these vulnerabilities. Upgrade your clusters to the following Anthos clusters on AWS version:

• 1.21.6-gke.1500 and later (available in February)

Anthos clusters on AWS (previous generation)

The versions of Linux node images for the following versions of Anthos clusters on AWS (previous generation) have been updated with code to fix these vulnerabilities. Upgrade your clusters to one of the following Anthos clusters on AWS (previous generation) versions:

• 1.19.16-gke.5300
• 1.20.14-gke.2000
• 1.21.8-gke.2000

What vulnerability is addressed by this patch?

• CVE-2021-4154
• CVE-2021-22600
• CVE-2022-0185

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure.

See the COS release notes for more details.

Technical details

In CVE-2021-4154, an attacker can exploit the fsconfig system call parameter to trigger a use-after-free bug in the linux kernel, resulting in getting root privileges. This is a local privilege escalation attack that will lead to a container breakout.

CVE-2021-22600 is a double free exploit in packet_set_ring that can lead to a container escape to the host node.

With CVE-2022-0185, a heap overflow bug in legacy_parse_param() may lead to an out-of-bounds write that will cause a container breakout.

Users who have manually enabled the default container runtime seccomp profile on GKE Standard clusters are also protected.

What should I do?

The versions of Linux node images for the following versions of Anthos on Azure have been updated with code to fix these vulnerabilities. Upgrade your clusters to the following Anthos on Azure version:

• 1.21.6-gke.1500 and later (available in February)

What vulnerability is addressed by this patch?

• CVE-2021-4154
• CVE-2021-22600
• CVE-2022-0185

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allows retrieval of ingress-nginx service account tokens and secrets across all namespaces.

What should I do?

This security issue does not impact your GKE cluster infrastructure or any Anthos environments cluster infrastructure. If you use ingress-nginx in your workload deployments, you should be aware of this security issue. See ingress-nginx Issue 7837 for more details.

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allows retrieval of ingress-nginx service account tokens and secrets across all namespaces.

What should I do?

This security issue does not impact your GKE cluster infrastructure or any Anthos environments cluster infrastructure. If you use ingress-nginx in your workload deployments, you should be aware of this security issue. See ingress-nginx Issue 7837 for more details.

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allows retrieval of ingress-nginx service account tokens and secrets across all namespaces.

What should I do?

This security issue does not impact your GKE cluster infrastructure or any Anthos environments cluster infrastructure. If you use ingress-nginx in your workload deployments, you should be aware of this security issue. See ingress-nginx Issue 7837 for more details.

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allows retrieval of ingress-nginx service account tokens and secrets across all namespaces.

What should I do?

This security issue does not impact your GKE cluster infrastructure or any Anthos environments cluster infrastructure. If you use ingress-nginx in your workload deployments, you should be aware of this security issue. See ingress-nginx Issue 7837 for more details.

A vulnerability has been discovered in the Anthos Identity Service (AIS) LDAP module of Anthos clusters on VMware versions 1.8 and 1.8.1 where a seed key used in generating keys is predictable. With this vulnerability, an authenticated user could add arbitrary claims and escalate privileges indefinitely.

Technical details

A recent addition to AIS code creates symmetric keys using golang's math/rand module, which is not suitable for security-sensitive code. The module is used in a way that will generate a predictable key. During identity verification, a secure token service (STS) key is generated that is subsequently encrypted with a symmetric key that is simple to derive.

What should I do?

This vulnerability only affects customers using AIS in Anthos clusters on VMware versions 1.8 and 1.8.1. For users of Anthos clusters on VMware 1.8, upgrade your clusters to the following version:

• 1.8.2

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server.

Technical details

With this vulnerability, actors who control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the API server. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

This issue can be mitigated by changing certain parameters for the API server.

What should I do?

No action is required at this time.

Currently available versions of GKE and Anthos have implemented the following mitigations that protect against this type of attack:

• The --profiling flag for kube-apiserver is set to false.
• The kube-apiserver log level is set below 10.

What vulnerability is addressed by this patch?

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server.

Technical details

With this vulnerability, actors who control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the API server. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

This issue can be mitigated by changing certain parameters for the API server.

What should I do?

No action is required at this time.

Currently available versions of GKE and Anthos have implemented the following mitigations that protect against this type of attack:

• The --profiling flag for kube-apiserver is set to false.
• The kube-apiserver log level is set below 10.

What vulnerability is addressed by this patch?

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server.

Technical details

With this vulnerability, actors who control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the API server. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

This issue can be mitigated by changing certain parameters for the API server.

What should I do?

No action is required at this time.

Currently available versions of GKE and Anthos have implemented the following mitigations that protect against this type of attack:

• The --profiling flag for kube-apiserver is set to false.
• The kube-apiserver log level is set below 10.

What vulnerability is addressed by this patch?

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server.

Technical details

With this vulnerability, actors who control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the API server. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

This issue can be mitigated by changing certain parameters for the API server.

What should I do?

No action is required at this time.

Currently available versions of GKE and Anthos have implemented the following mitigations that protect against this type of attack:

• The --profiling flag for kube-apiserver is set to false.
• The kube-apiserver log level is set below 10.

What vulnerability is addressed by this patch?

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Technical details:

What should I do?

We recommend you to upgrade your node pools to one of the following versions or above to take advantage of the latest patches:

• 1.21.4-gke.301
• 1.20.10-gke.301
• 1.19.14-gke.301
• 1.18.20-gke.4501

The following versions also contain the fix:

• 1.21.3-gke.2001
• 1.20.8-gke.2101
• 1.20.9-gke.701
• 1.20.9-gke.1001
• 1.19.12-gke.2101
• 1.19.13-gke.701
• 1.18.20-gke.3001

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Technical details:

What should I do?

Updated 2021-09-24: Patched versions 1.8.3 and 1.7.4 are now available.

Updated 2021-09-17: Corrected the list of available versions that contain the patch.

The following versions of Anthos clusters on VMware have been updated with code to fix this vulnerability. Upgrade your admin clusters and user clusters to one of the following versions:

• 1.8.3
• 1.8.2
• 1.7.4
• 1.6.5

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Technical details:

What should I do?

2021-9-16 Update: Added list of supported gke-versions for AWSCluster and AWSNodePool objects.

The following versions of Anthos clusters on AWS have been updated with code to fix this vulnerability. It is recommended that you:

• Upgrade your AWSManagementService, AWSCluster and AWSNodePool objects to the following version:
  • 1.8.2
• Update the gke-version of your AWSCluster and AWSNodePool objects to one of the supported Kubernetes versions:
  • 1.17.17-gke.15800
  • 1.18.20-gke.4800
  • 1.19.14-gke.600
  • 1.20.10-gke.600

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Technical details:

What should I do?

The following versions of Anthos clusters on bare metal have been updated with code to fix this vulnerability. Upgrade your admin clusters and user clusters to one of the following versions:

• 1.8.3
• 1.7.4

2021-09-23 update:

Containers running inside of GKE Sandbox are unaffected by this vulnerability for attacks originating inside the container.

2021-09-15 update:

The following GKE versions address the vulnerabilities:

• 1.18.20-gke.4100
• 1.19.13-gke.1900
• 1.20.9-gke.1500
• 1.21.3-gke.1400

Two security vulnerabilities, CVE-2021-33909 and CVE-2021-33910, have been discovered in the Linux kernel that can lead to an OS crash or an escalation to root by an unprivileged user. This vulnerability affects all GKE node operating systems (COS and Ubuntu).

Technical details:

In CVE-2021-33909, the Linux kernel's filesystem layer does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root.
With CVE-2021-33910, systemd has a memory allocation with an excessive size value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

What should I do?

The versions of Linux node images for the following versions of GKE have been updated with code to fix this vulnerability. Upgrade your clusters to one of the following versions:

• 1.18.20-gke.4100
• 1.19.13-gke.1900
• 1.20.9-gke.1500
• 1.21.3-gke.1400

Two security vulnerabilities, CVE-2021-33909 and CVE-2021-33910, have been discovered in the Linux kernel that can lead to an OS crash or an escalation to root by an unprivileged user. This vulnerability affects all GKE node operating systems (COS and Ubuntu).

Technical details:

In CVE-2021-33909, the Linux kernel's filesystem layer does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root.
With CVE-2021-33910, systemd has a memory allocation with an excessive size value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

What should I do?

The versions of Linux node images for Anthos clusters on AWS have been updated with code to fix this vulnerability. Upgrade your clusters to one of the following versions:

• 1.20.10-gke.600
• 1.19.14-gke.600
• 1.18.20-gke.4800
• 1.17.17-gke.15800

Two security vulnerabilities, CVE-2021-33909 and CVE-2021-33910, have been discovered in the Linux kernel that can lead to an OS crash or an escalation to root by an unprivileged user. This vulnerability affects all GKE node operating systems (COS and Ubuntu).

Technical details:

In CVE-2021-33909, the Linux kernel's filesystem layer does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root.
With CVE-2021-33910, systemd has a memory allocation with an excessive size value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

What should I do?

The versions of Linux and COS node images for Anthos clusters on VMware have been updated with code to fix this vulnerability. Upgrade your clusters to one of the following versions:

• 1.9
• 1.8.2
• 1.7.3
• 1.6.4 (Linux only)

See Version history--Kubernetes and node kernel versions.

A new security vulnerability, CVE-2021-22555, has been discovered where a malicious actor with CAP_NET_ADMIN privileges can potentially cause a container breakout to root on the host. This vulnerability affects all GKE clusters and Anthos clusters on VMware running Linux version 2.6.19 or later.

Technical details

In this attack, an out-of-bounds write in setsockopt in the netfilter subsystem in Linux can allow a heap corruption (and therefore denial of service) and escalation of privileges.

What should I do?

The following versions of Linux on GKE have been updated with code to fix this vulnerability. Upgrade your clusters to one of the following versions:

• 1.21.1-gke.2200
• 1.20.7-gke.2200
• 1.19.11-gke.2100
• 1.18.20-gke.501

What vulnerability is addressed by this patch?

CVE-2021-22555

A new security vulnerability, CVE-2021-22555, has been discovered where a malicious actor with CAP_NET_ADMIN privileges can potentially cause a container breakout to root on the host. This vulnerability affects all GKE clusters and Anthos clusters on VMware running Linux version 2.6.19 or later.

Technical details

In this attack, an out-of-bounds write in setsockopt in the netfilter subsystem in Linux can allow a heap corruption (and therefore denial of service) and escalation of privileges.

What should I do?

The following versions of Linux on Anthos clusters on VMware have been updated with code to fix this vulnerability. Upgrade your clusters to one of the following versions:

• 1.8
• 1.7.3
• 1.6.4

What vulnerability is addressed by this patch?

CVE-2021-22555

Microsoft published a security bulletin on a Remote code execution (RCE) vulnerability, CVE-2021-34527, that affects the print spooler in Windows servers. The CERT Coordination Center (CERT/CC) published an update note on a related vulnerability, dubbed "PrintNightmare" that also affects Windows print spoolers - PrintNightmare, Critical Windows Print Spooler Vulnerability

What should I do?

No action is required. GKE Windows nodes do not contain the affected Spooler service as part of the base image, so GKE Windows deployments are not vulnerable to this attack.

What vulnerabilities are addressed by this bulletin?

• PrintNightmare
• CVE-2021-34527

What should I do?

The Istio project recently disclosed a new security vulnerability (CVE-2021-34824) affecting Istio. Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

Technical details:

The Istio secure Gateway or workloads using the DestinationRule can load TLS private keys and certificates from Kubernetes secrets via the credentialName configuration. From Istio 1.8 and above, the secrets are read from istiod and conveyed to gateways and workloads via XDS.

Normally, a gateway or workload deployment is only able to access TLS certificates and private keys stored in the secret within its namespace. However, a bug in istiod allows a client authorized to access the Istio XDS API to retrieve any TLS certificate and private keys cached in istiod.

What should I do?

GKE clusters do not run Istio by default and, when enabled, use Istio version 1.6, which is not vulnerable to this attack. If you have installed or upgraded Istio on the cluster to Istio 1.8 or above, upgrade your Istio to the latest supported version.

What should I do?

The Istio project recently disclosed a new security vulnerability (CVE-2021-34824) affecting Istio. Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

Technical details:

The Istio secure Gateway or workloads using the DestinationRule can load TLS private keys and certificates from Kubernetes secrets via the credentialName configuration. From Istio 1.8 and above, the secrets are read from istiod and conveyed to gateways and workloads via XDS.

Normally, a gateway or workload deployment is only able to access TLS certificates and private keys stored in the secret within its namespace. However, a bug in istiod allows a client authorized to access the Istio XDS API to retrieve any TLS certificate and private keys cached in istiod.

What should I do?

Anthos clusters on VMware v1.6 and v1.7 are not vulnerable to this attack. Anthos clusters on VMware v1.8 are vulnerable.

If you are using Anthos clusters on VMware v1.8, upgrade to the following patched version or later:

• 1.8.0-gke.25

What should I do?

The Istio project recently disclosed a new security vulnerability (CVE-2021-34824) affecting Istio. Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

Technical details:

The Istio secure Gateway or workloads using the DestinationRule can load TLS private keys and certificates from Kubernetes secrets via the credentialName configuration. From Istio 1.8 and above, the secrets are read from istiod and conveyed to gateways and workloads via XDS.

Normally, a gateway or workload deployment is only able to access TLS certificates and private keys stored in the secret within its namespace. However, a bug in istiod allows a client authorized to access the Istio XDS API to retrieve any TLS certificate and private keys cached in istiod. Clusters created or upgraded with Anthos clusters on bare metal v1.8.0 are impacted by this CVE.

What should I do?

Anthos v1.6 and 1.7 are not vulnerable to this attack. If you have v1.8.0 clusters, download and install the 1.8.1 version of bmctl and upgrade your clusters to the following patched version:

• 1.8.1

The security community recently disclosed a new security vulnerability (CVE-2021-30465) found in runc that has the potential to allow full access to a node filesystem.

For GKE, because exploiting this vulnerability requires the ability to create pods, we have rated the severity of this vulnerability at MEDIUM.

Technical details

The runc package is vulnerable to a symlink exchange attack when mounting a volume.

For this specific attack, a user can potentially exploit a race condition by starting multiple pods on a single node simultaneously, all of which share the same volume mount with a symlink.

If the attack succeeds, one of the pods will mount the node's filesystem with root permissions.

What should I do?

There is a newly released patch to runc (1.0.0-rc95) that fixes this vulnerability.

Upgrade your GKE cluster to one of the following updated versions:

• 1.18.19-gke.2100
• 1.19.9-gke.1400
• 1.20.6-gke.1400
• 1.21.2-gke.600

Medium

The security community recently disclosed a new security vulnerability (CVE-2021-30465) found in runc that has the potential to allow full access to a node filesystem.

For Anthos clusters on VMware, because exploiting this vulnerability requires the ability to create pods, we have rated the severity of this vulnerability at MEDIUM.

Technical details

The runc package is vulnerable to a symlink exchange attack when mounting a volume.

For this specific attack, a user can potentially exploit a race condition by starting multiple pods on a single node simultaneously, all of which share the same volume mount with a symlink.

If the attack succeeds, one of the pods will mount the node's filesystem with root permissions.

What should I do?

There is a newly released patch to runc that fixes this vulnerability. Upgrade your Anthos clusters on VMware to one of the following versions:

• 1.7.3-gke-2
• 1.8.1-gke.7
• 1.9.0-gke.8

Medium

The security community recently disclosed a new security vulnerability (CVE-2021-30465) found in runc that has the potential to allow full access to a node filesystem.

Because this is an OS-level vulnerability, Anthos clusters on AWS are not vulnerable.

Technical details

The runc package is vulnerable to a symlink exchange attack when mounting a volume.

For this specific attack, a user can potentially exploit a race condition by starting multiple pods on a single node simultaneously, all of which share the same volume mount with a symlink.

If the attack succeeds, one of the pods will mount the node's filesystem with root permissions.

What should I do?

None

The security community recently disclosed a new security vulnerability (CVE-2021-30465) found in runc that has the potential to allow full access to a node filesystem.

Because this is an OS-level vulnerability, Anthos clusters on bare metal are not vulnerable.

Technical details

The runc package is vulnerable to a symlink exchange attack when mounting a volume.

For this specific attack, a user can potentially exploit a race condition by starting multiple pods on a single node simultaneously, all of which share the same volume mount with a symlink.

If the attack succeeds, one of the pods will mount the node's filesystem with root permissions.

What should I do?

Ensure that the OS version on which you are running Anthos on bare metal is upgraded to the latest OS version that has an updated runc package.

None

The Istio project recently disclosed a new security vulnerability (CVE-2021-31920) affecting Istio.

Istio contains a remotely-exploitable vulnerability where an HTTP request with multiple slashes or escaped slash characters can bypass Istio authorization policy when path based authorization rules are used.

What should I do?

We strongly recommend that you update and reconfigure your GKE clusters. Please note it is important to complete both steps below to successfully resolve the vulnerability:

1. Update your clusters: Please complete the following instructions to upgrade your clusters to the newest patch versions as soon as possible:
   • If you are using Istio on GKE 1.6:

     The newest patch release version is 1.6.14-gke.3. Please follow the upgrade instructions to upgrade your clusters to the newest version.

   • If you are using Istio on GKE 1.4:

   Istio on GKE 1.4 releases are no longer supported by Istio and we do not backport CVE fixes to these versions. Please follow the Istio upgrade instructions to upgrade your clusters to 1.6, then follow the above instructions to get the newest version of Istio on GKE 1.6.

2. Configure Istio:

   Once your clusters are patched, you must reconfigure Istio on GKE. Please refer to the security best practices guide to correctly configure your system.

High

The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682 and CVE-2021-29258), that could allow an attacker to crash Envoy.

GKE clusters do not run Istio by default and are not vulnerable. If Istio has been installed in a cluster and configured to expose services to the internet, those services may be vulnerable to denial of service.

What should I do?

To fix these vulnerabilities, upgrade your GKE control plane to one of the following patched versions:

• 1.16.15-gke.16200
• 1.17.17-gke.6100
• 1.18.17-gke.1300
• 1.19.9-gke.1300
• 1.20.5-gke.1400

The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682 and CVE-2021-29258), that could allow an attacker to crash Envoy.

Anthos clusters on VMware use Envoy by default for Ingress, so Ingress services may be vulnerable to denial of service.

What should I do?

To fix these vulnerabilities, upgrade your Anthos clusters on VMware to one of the following patched versions when released:

• 1.5.4
• 1.6.3
• 1.7.1

The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682 and CVE-2021-29258), that could allow an attacker to crash Envoy.

Anthos on bare metal uses Envoy by default for Ingress, so Ingress services may be vulnerable to denial of service.

What should I do?

To fix these vulnerabilities, upgrade your Anthos on bare metal cluster to one of the following patched versions when released:

• 1.6.3
• 1.7.1

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook.

In a scenario where an attacker has sufficient privileges and where a Validating Admission Webhook is implemented that uses old Node object properties (for example fields in Node.NodeSpec), the attacker could update properties of a node that could lead to a cluster compromise. None of the policies enforced by GKE and Kubernetes built-in admission controllers are affected, but we recommend customers check any additional admission webhooks they have installed.

What should I do?

To fix this vulnerability, upgrade your GKE cluster to one of the following patched versions:

• 1.18.17-gke.900
• 1.19.9-gke.900
• 1.20.5-gke.900

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook.

In a scenario where an attacker has sufficient privileges and where a Validating Admission Webhook is implemented that uses old Node object properties (for example fields in Node.NodeSpec), the attacker could update properties of a node that could lead to a cluster compromise. None of the policies enforced by GKE and Kubernetes built-in admission controllers are affected, but we recommend customers check any additional admission webhooks they have installed.

What should I do?

An upcoming patch version will include a mitigation for this vulnerability.

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook.

In a scenario where an attacker has sufficient privileges and where a Validating Admission Webhook is implemented that uses old Node object properties (for example fields in Node.NodeSpec), the attacker could update properties of a node that could lead to a cluster compromise. None of the policies enforced by GKE and Kubernetes built-in admission controllers are affected, but we recommend customers check any additional admission webhooks they have installed.

What should I do?

An upcoming patch version will include a mitigation for this vulnerability.

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook.

In a scenario where an attacker has sufficient privileges and where a Validating Admission Webhook is implemented that uses old Node object properties (for example fields in Node.NodeSpec), the attacker could update properties of a node that could lead to a cluster compromise. None of the policies enforced by GKE and Kubernetes built-in admission controllers are affected, but we recommend customers check any additional admission webhooks they have installed.

What should I do?

An upcoming patch version will include a mitigation for this vulnerability.

A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.

Google Kubernetes Engine (GKE) clusters are not affected by this vulnerability:

• Users who are authorized to SSH to GKE nodes are already considered highly privileged and can use sudo to obtain root privileges by design. The vulnerability does not yield any additional privilege escalation paths in this scenario.
• Most GKE system containers are built from distroless base images which do not have a shell or sudo installed. Other images are built from a debian base image that doesn't contain sudo. Even if sudo was present, access to sudo inside the container does not give you access to the host due to the container boundary.

What should I do?

Because GKE clusters are not affected by this vulnerability, no further action is required.

GKE will have the patch for this vulnerability applied in a coming release at regular cadence.

A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.

Anthos clusters on VMware are not affected by this vulnerability:

• Users who are authorized to SSH to Anthos clusters on VMware nodes are already considered highly privileged and can use sudo to obtain root privileges by design. The vulnerability does not yield any additional privilege escalation paths in this scenario.
• Most Anthos clusters on VMware system containers are built from distroless base images which do not have a shell or sudo installed. Other images are built from a debian base image that doesn't contain sudo. Even if sudo was present, access to sudo inside the container does not give you access to the host due to the container boundary.

What should I do?

Because Anthos clusters on VMware clusters are not affected by this vulnerability, no further action is required.

Anthos clusters on VMware will have the patch for this vulnerability applied in a coming release at regular cadence.

A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.

Anthos clusters on AWS are not affected by this vulnerability:

• Users who are authorized to SSH to Anthos clusters on AWS nodes are already considered highly privileged and can use sudo to obtain root privileges by design. The vulnerability does not yield any additional privilege escalation paths in this scenario.
• Most Anthos clusters on AWS system containers are built from distroless base images which do not have a shell or sudo installed. Other images are built from a debian base image that doesn't contain sudo. Even if sudo was present, access to sudo inside the container does not give you access to the host due to the container boundary.

What should I do?

Because Anthos clusters on AWS clusters are not affected by this vulnerability, no further action is required.

Anthos clusters on AWS will have the patch for this vulnerability applied in a coming release at regular cadence.

A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.

Anthos on bare metal clusters are not affected by this vulnerability:

• Users who are authorized to SSH to Anthos on bare metal nodes are already considered highly privileged and can use sudo to obtain root privileges by design. The vulnerability does not yield any additional privilege escalation paths in this scenario.
• Most Anthos on bare metal system containers are built from distroless base images which do not have a shell or sudo installed. Other images are built from a debian base image that doesn't contain sudo. Even if sudo was present, access to sudo inside the container does not give you access to the host due to the container boundary.

What should I do?

Because Anthos on bare metal clusters are not affected by this vulnerability, no further action is required.

Anthos on bare metal will have the patch for this vulnerability applied in a coming release at regular cadence.

gcloud beta container clusters update –no-enable-service-externalips

1. Starting in GKE version 1.21, services with ExternalIPs are blocked by a DenyServiceExternalIPs admission controller that is enabled by default for new clusters.
2. Customers who upgrade to GKE version 1.21 can block services with ExternalIPs using the following command:

   gcloud container clusters update –no-enable-service-externalips
   

For more information, see Hardening your cluster's security.

The Kubernetes project recently discovered a new security vulnerability, CVE-2020-8554, that might allow an attacker who has obtained permissions to create a Kubernetes Service of type LoadBalancer or ClusterIP to intercept network traffic originating from other Pods in the cluster.

This vulnerability by itself does not give an attacker permissions to create a Kubernetes Service.

All Google Kubernetes Engine (GKE) clusters are affected by this vulnerability.

What should I do?

Kubernetes might need to make backwards incompatible design changes in a future version to address the vulnerability.

If many users share access to your cluster with permissions to create Services, such as in a multi-tenant cluster, consider applying a mitigation in the meantime. For now, the best approach for mitigation is to restrict the use of ExternalIPs in a cluster. ExternalIPs are not a commonly used feature.

Restrict the use of ExternalIPs in a cluster with one of the following methods:

1. Use Anthos Policy Controller or Gatekeeper with this constraint template and apply it. For example:

   # Only allow the creation of Services with no
   # ExternalIP or an ExternalIP of 203.0.113.1:
   
   apiVersion: constraints.gatekeeper.sh/v1beta1
   kind: K8sExternalIPs
   metadata:
     name: external-ips
   spec:
     match:
       kinds:
         - apiGroups: [""]
           kinds: ["Service"]
     parameters:
       allowedIPs:
         - "203.0.113.1"
   

2. Or install an admission controller to prevent the use of ExternalIPs. The Kubernetes project has provided a sample admission controller for this task.

As mentioned in the Kubernetes announcement, no mitigation is provided for Services of type LoadBalancer because, by default, only highly privileged users and system components are granted the container.services.updateStatus permission which is required to leverage this vulnerability.

gcloud beta container clusters update –no-enable-service-externalips

1. Starting in GKE version 1.21, services with ExternalIPs are blocked by a DenyServiceExternalIPs admission controller that is enabled by default for new clusters.
2. Customers who upgrade to GKE version 1.21 can block services with ExternalIPs using the following command:

   gcloud container clusters update –no-enable-service-externalips
   

For more information, see Hardening your cluster's security.

The Kubernetes project recently discovered a new security vulnerability, CVE-2020-8554, that might allow an attacker who has obtained permissions to create a Kubernetes Service of type LoadBalancer or ClusterIP to intercept network traffic originating from other Pods in the cluster.

This vulnerability by itself does not give an attacker permissions to create a Kubernetes Service.

All Anthos clusters on VMware are affected by this vulnerability.

What should I do?

Kubernetes might need to make backwards incompatible design changes in a future version to address the vulnerability.

If many users share access to your cluster with permissions to create Services, such as in a multi-tenant cluster, consider applying a mitigation in the meantime. For now, the best approach for mitigation is to restrict the use of ExternalIPs in a cluster. ExternalIPs are not a commonly used feature.

Restrict the use of ExternalIPs in a cluster with one of the following methods:

1. Use Anthos Policy Controller or Gatekeeper with this constraint template and apply it. For example:

   # Only allow the creation of Services with no
   # ExternalIP or an ExternalIP of 203.0.113.1:
   
   apiVersion: constraints.gatekeeper.sh/v1beta1
   kind: K8sExternalIPs
   metadata:
     name: external-ips
   spec:
     match:
       kinds:
         - apiGroups: [""]
           kinds: ["Service"]
     parameters:
       allowedIPs:
         - "203.0.113.1"
   

2. Or install an admission controller to prevent the use of ExternalIPs. The Kubernetes project has provided a sample admission controller for this task.

As mentioned in the Kubernetes announcement, no mitigation is provided for Services of type LoadBalancer because, by default, only highly privileged users and system components are granted the container.services.updateStatus permission which is required to leverage this vulnerability.

gcloud beta container clusters update –no-enable-service-externalips

1. Starting in GKE version 1.21, services with ExternalIPs are blocked by a DenyServiceExternalIPs admission controller that is enabled by default for new clusters.
2. Customers who upgrade to GKE version 1.21 can block services with ExternalIPs using the following command:

   gcloud container clusters update –no-enable-service-externalips
   

For more information, see Hardening your cluster's security.

The Kubernetes project recently discovered a new security vulnerability, CVE-2020-8554, that might allow an attacker who has obtained permissions to create a Kubernetes Service of type LoadBalancer or ClusterIP to intercept network traffic originating from other Pods in the cluster.

This vulnerability by itself does not give an attacker permissions to create a Kubernetes Service.

All Anthos clusters on AWS are affected by this vulnerability.

What should I do?

Kubernetes might need to make backwards incompatible design changes in a future version to address the vulnerability.

If many users share access to your cluster with permissions to create Services, such as in a multi-tenant cluster, consider applying a mitigation in the meantime. For now, the best approach for mitigation is to restrict the use of ExternalIPs in a cluster. ExternalIPs are not a commonly used feature.

Restrict the use of ExternalIPs in a cluster with one of the following methods:

1. Use Anthos Policy Controller or Gatekeeper with this constraint template and apply it. For example:

   # Only allow the creation of Services with no
   # ExternalIP or an ExternalIP of 203.0.113.1:
   
   apiVersion: constraints.gatekeeper.sh/v1beta1
   kind: K8sExternalIPs
   metadata:
     name: external-ips
   spec:
     match:
       kinds:
         - apiGroups: [""]
           kinds: ["Service"]
     parameters:
       allowedIPs:
         - "203.0.113.1"
   

2. Or install an admission controller to prevent the use of ExternalIPs. The Kubernetes project has provided a sample admission controller for this task.

As mentioned in the Kubernetes announcement, no mitigation is provided for Services of type LoadBalancer because, by default, only highly privileged users and system components are granted the container.services.updateStatus permission which is required to leverage this vulnerability.

The Kubernetes project recently discovered several issues that allow for the exposure of secret data when verbose logging options are enabled. The issues are:

• CVE-2020-8563: Secret leaks in logs for vSphere Provider kube-controller-manager
• CVE-2020-8564: Docker config secrets leaked when file is malformed and loglevel >= 4
• CVE-2020-8565: Incomplete fix for CVE-2019-11250 in Kubernetes allows for token leak in logs when logLevel >= 9. Discovered by GKE Security.
• CVE-2020-8566: Ceph RBD adminSecrets exposed in logs when loglevel >= 4

GKE is not affected.

What should I do?

No further action is required due to the default verbosity logging levels of GKE.

The Kubernetes project recently discovered several issues that allow for the exposure of secret data when verbose logging options are enabled. The issues are:

• CVE-2020-8563: Secret leaks in logs for vSphere Provider kube-controller-manager
• CVE-2020-8564: Docker config secrets leaked when file is malformed and loglevel >= 4
• CVE-2020-8565: Incomplete fix for CVE-2019-11250 in Kubernetes allows for token leak in logs when logLevel >= 9. Discovered by GKE Security.
• CVE-2020-8566: Ceph RBD adminSecrets exposed in logs when loglevel >= 4

Anthos clusters on VMware is not affected.

What should I do?

No further action is required due to the default verbosity logging levels of GKE.

The Kubernetes project recently discovered several issues that allow for the exposure of secret data when verbose logging options are enabled. The issues are:

• CVE-2020-8563: Secret leaks in logs for vSphere Provider kube-controller-manager
• CVE-2020-8564: Docker config secrets leaked when file is malformed and loglevel >= 4
• CVE-2020-8565: Incomplete fix for CVE-2019-11250 in Kubernetes allows for token leak in logs when logLevel >= 9. Discovered by GKE Security.
• CVE-2020-8566: Ceph RBD adminSecrets exposed in logs when loglevel >= 4

Anthos clusters on AWS is not affected.

What should I do?

No further action is required due to the default verbosity logging levels of GKE.

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386, that may allow container escape to obtain root privileges on the host node.

All GKE nodes are affected. Pods running in GKE Sandbox are not able to leverage this vulnerability.

What should I do?

To fix this vulnerability, upgrade your control plane, and then your nodes to one of the patched versions listed below:

• 1.14.10-gke.50
  
• 1.15.12-gke.20
• 1.16.13-gke.401
• 1.17.9-gke.1504
• 1.18.6-gke.3504

Exploiting this vulnerability requires CAP_NET_RAW, but very few containers typically require CAP_NET_RAW. This and other powerful capabilities should be blocked by default through PodSecurityPolicy or Policy Controller:

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigates the following vulnerability:

The vulnerability CVE-2020-14386, which allows containers with CAP_NET_RAW to write 1 to 10 bytes of kernel memory, and possibly escape the container and obtain root privileges on the host node. This is rated as a High severity vulnerability.

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386, that may allow container escape to obtain root privileges on the host node.

All Anthos clusters on VMware nodes are affected.

What should I do?

To fix this vulnerability, upgrade your cluster to a patched version. The following upcoming {gke_on_prem_name}} versions will contain the fix for this vulnerability, and this bulletin will be updated when they are available:

• Anthos clusters on VMware 1.4.3, now available.
• Anthos clusters on VMware 1.3.4, now available.

Exploiting this vulnerability requires CAP_NET_RAW, but very few containers typically require CAP_NET_RAW. This and other powerful capabilities should be blocked by default through PodSecurityPolicy or Policy Controller:

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigates the following vulnerability:

The vulnerability CVE-2020-14386, which allows containers with CAP_NET_RAW to write 1 to 10 bytes of kernel memory, and possibly escape the container and obtain root privileges on the host node. This is rated as a High severity vulnerability.

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386, that may allow container escape to obtain root privileges on the host node.

All Anthos clusters on AWS nodes are affected.

What should I do?

To fix this vulnerability, upgrade your management service and your user clusters to a patched version. The following upcoming Anthos clusters on AWS versions or newer will include the fix for this vulnerability, and this bulletin will be updated when they are available:

• 1.5.0-gke.6
• 1.4.3-gke.7

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigates the following vulnerability:

The vulnerability CVE-2020-14386, which allows containers with CAP_NET_RAW to write 1 to 10 bytes of kernel memory, and possibly escape the container and obtain root privileges on the host node. This is rated as a High severity vulnerability.

A networking vulnerability, CVE-2020-8558, was recently discovered in Kubernetes. Services sometimes communicate with other applications running inside the same Pod using the local loopback interface (127.0.0.1). This vulnerability allows an attacker with access to the cluster's network to send traffic to the loopback interface of adjacent Pods and nodes. Services that rely on the loopback interface not being accessible outside their Pod could be exploited.

Exploiting this vulnerability on GKE clusters requires an attacker to have network administrator privileges on the Google Cloud hosting the cluster's VPC. This vulnerability alone does not give an attacker network administrator privileges. For this reason, this vulnerability has been assigned a Low severity for GKE.

What should I do?

To fix this vulnerability, upgrade your cluster's node pools to the following GKE versions (and later):

• 1.17.7-gke.0
• 1.16.11-gke.0
• 1.16.10-gke.11
• 1.16.9-gke.14

What vulnerability is addressed by this patch?

This patch fixes the following vulnerability: CVE-2020-8558.

Low

A networking vulnerability, CVE-2020-8558, was recently discovered in Kubernetes. Services sometimes communicate with other applications running inside the same Pod using the local loopback interface (127.0.0.1). This vulnerability allows an attacker with access to the cluster's network to send traffic to the loopback interface of adjacent Pods and nodes. Services that rely on the loopback interface not being accessible outside their Pod could be exploited.

What should I do?

To fix this vulnerability, upgrade your cluster to a patched version. The following upcoming Anthos clusters on VMware versions or newer contain the fix for this vulnerability:

• Anthos clusters on VMware 1.4.1

What vulnerability is addressed by this patch?

This patch fixes the following vulnerability: CVE-2020-8558.

Medium

A networking vulnerability, CVE-2020-8558, was recently discovered in Kubernetes. Services sometimes communicate with other applications running inside the same Pod using the local loopback interface (127.0.0.1). This vulnerability allows an attacker with access to the cluster's network to send traffic to the loopback interface of adjacent Pods and nodes. Services that rely on the loopback interface not being accessible outside their Pod could be exploited.

Exploiting this vulnerability on user clusters requires an attacker to disable source destination checks on the EC2 instances in the cluster. This requires the attacker to have AWS IAM permissions for ModifyInstanceAttribute or ModifyNetworkInterfaceAttribute on the EC2 instances. For this reason, this vulnerability has been assigned a Low severity for Anthos clusters on AWS.

What should I do?

To fix this vulnerability, upgrade your cluster to a patched version. The following upcoming Anthos clusters on AWS versions or newer are expected to include the fix for this vulnerability:

• Anthos clusters on AWS 1.4.1-gke.17

What vulnerability is addressed by this patch?

This patch fixes the following vulnerability: CVE-2020-8558.

Low

A privilege escalation vulnerability, CVE-2020-8559, was recently discovered in Kubernetes. This vulnerability allows an attacker that has already compromised a node to execute a command in any Pod in the cluster. The attacker can thereby use the already compromised node to compromise other nodes and potentially read information, or cause destructive actions.

Note that for an attacker to exploit this vulnerability, a node in your cluster must have already been compromised. This vulnerability, by itself, will not compromise any nodes in your cluster.

What should I do?

Upgrade your cluster to a patched version. Clusters will be auto-upgraded over the next weeks, and patched versions will be available by July 19, 2020 for an accelerated manual upgrade schedule. The following GKE control plane versions or newer contain the fix for this vulnerability:

• v1.14.10-gke.46
• v1.15.12-gke.8
• v1.16.9-gke.11
• v1.16.10-gke.9
• v1.16.11-gke.3+
• v1.17.7-gke.6+

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8559. This is rated as a Medium vulnerability for GKE, as it requires the attacker to have first hand information about the cluster, nodes, and workloads to effectively leverage this attack in addition to an existing compromised node. This vulnerability by itself will not provide an attacker with a compromised node.

A privilege escalation vulnerability, CVE-2020-8559, was recently discovered in Kubernetes. This vulnerability allows an attacker that has already compromised a node to execute a command in any Pod in the cluster. The attacker can thereby use the already compromised node to compromise other nodes and potentially read information, or cause destructive actions.

Note that for an attacker to exploit this vulnerability, a node in your cluster must have already been compromised. This vulnerability, by itself, will not compromise any nodes in your cluster.

What should I do?

Upgrade your cluster to a patched version. The following upcoming Anthos clusters on VMware versions or newer contain the fix for this vulnerability:

• Anthos 1.3.3
• Anthos 1.4.1

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8559. This is rated as a Medium vulnerability for GKE, as it requires the attacker to have first hand information about the cluster, nodes, and workloads to effectively leverage this attack in addition to an existing compromised node. This vulnerability by itself will not provide an attacker with a compromised node.

A privilege escalation vulnerability, CVE-2020-8559, was recently discovered in Kubernetes. This vulnerability allows an attacker that has already compromised a node to execute a command in any Pod in the cluster. The attacker can thereby use the already compromised node to compromise other nodes and potentially read information, or cause destructive actions.

Note that for an attacker to exploit this vulnerability, a node in your cluster must have already been compromised. This vulnerability, by itself, will not compromise any nodes in your cluster.

What should I do?

Anthos clusters on AWS GA (1.4.1, available end of July, 2020) or newer includes the patch for this vulnerability. If you are using a previous version, download a new version of the anthos-gke command line tool and recreate your management and user clusters.

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8559. This is rated as a Medium vulnerability for GKE, as it requires the attacker to have first hand information about the cluster, nodes, and workloads to effectively leverage this attack in addition to an existing compromised node. This vulnerability by itself will not provide an attacker with a compromised node.

Server Side Request Forgery (SSRF) vulnerability, CVE-2020-8555, was recently discovered in Kubernetes, allowing certain authorized users to leak up to 500 bytes of sensitive information from the control plane host network. The Google Kubernetes Engine (GKE) control plane uses controllers from Kubernetes and is thus affected by this vulnerability. We recommend that you upgrade the control plane to the latest patch version, as we detail below. A node upgrade is not required.

What should I do?

• 1.14.7-gke.39
• 1.14.8-gke.32
• 1.14.9-gke.17
• 1.14.10-gke.12
• 1.15.7-gke.17
• 1.16.4-gke.21
• 1.17.0-gke.0

Clusters using release channels are already on control plane versions with the mitigation.

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8555. This is rated as a Medium vulnerability for GKE as it was difficult to exploit due to various control plane hardening measures.

An attacker with permissions to create a Pod with certain built-in Volume types (GlusterFS, Quobyte, StorageFS, ScaleIO) or permissions to create a StorageClass can cause kube-controller-manager to make GET requests or POST requests without an attacker controlled request body from the master's host network. These volume types are rarely used on GKE, so new use of these volume types may be a useful detection signal.

Combined with a means to leak the results of the GET/POST back to the attacker, such as through logs, this can lead to disclosure of sensitive information. We have updated the storage drivers in question to remove the potential for such leaks.

Server Side Request Forgery (SSRF) vulnerability, CVE-2020-8555, was recently discovered in Kubernetes, allowing certain authorized users to leak up to 500 bytes of sensitive information from the control plane host network. The Google Kubernetes Engine (GKE) control plane uses controllers from Kubernetes and is thus affected by this vulnerability. We recommend that you upgrade the control plane to the latest patch version, as we detail below. A node upgrade is not required.

What should I do?

The following Anthos clusters on VMware (GKE on-prem) versions or newer contain the fix for this vulnerability:

• Anthos 1.3.0

If you are using a previous version, upgrade your existing cluster to a version containing the fix.

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8555. This is rated as a Medium vulnerability for GKE as it was difficult to exploit due to various control plane hardening measures.

An attacker with permissions to create a Pod with certain built-in Volume types (GlusterFS, Quobyte, StorageFS, ScaleIO) or permissions to create a StorageClass can cause kube-controller-manager to make GET requests or POST requests without an attacker controlled request body from the master's host network. These volume types are rarely used on GKE, so new use of these volume types may be a useful detection signal.

Combined with a means to leak the results of the GET/POST back to the attacker, such as through logs, this can lead to disclosure of sensitive information. We have updated the storage drivers in question to remove the potential for such leaks.

Server Side Request Forgery (SSRF) vulnerability, CVE-2020-8555, was recently discovered in Kubernetes, allowing certain authorized users to leak up to 500 bytes of sensitive information from the control plane host network. The Google Kubernetes Engine (GKE) control plane uses controllers from Kubernetes and is thus affected by this vulnerability. We recommend that you upgrade the control plane to the latest patch version, as we detail below. A node upgrade is not required.

What should I do?

Anthos clusters on AWS (GKE on AWS) v0.2.0 or newer already includes the patch for this vulnerability. If you are using a previous version, download a new version of the anthos-gke command line tool and recreate your management and user clusters.

What vulnerability is addressed by this patch?

These patches mitigate vulnerability CVE-2020-8555. This is rated as a Medium vulnerability for GKE as it was difficult to exploit due to various control plane hardening measures.

An attacker with permissions to create a Pod with certain built-in Volume types (GlusterFS, Quobyte, StorageFS, ScaleIO) or permissions to create a StorageClass can cause kube-controller-manager to make GET requests or POST requests without an attacker controlled request body from the master's host network. These volume types are rarely used on GKE, so new use of these volume types may be a useful detection signal.

Combined with a means to leak the results of the GET/POST back to the attacker, such as through logs, this can lead to disclosure of sensitive information. We have updated the storage drivers in question to remove the potential for such leaks.

Kubernetes has disclosed a vulnerability that allows a privileged container to redirect node traffic to another container. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack. All Google Kubernetes Engine (GKE) nodes are affected by this vulnerability, and we recommend that you upgrade to the latest patch version, as we detail below.

What should I do?

• 1.14.10-gke.36
• 1.15.11-gke.15
• 1.16.8-gke.15

Very few containers typically require CAP_NET_RAW. This and other powerful capabilities should be blocked by default through PodSecurityPolicy or Anthos Policy Controller:

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigate the following vulnerability:

The vulnerability described in Kubernetes issue 91507 CAP_NET_RAW capability (which is included in the default container capability set) to maliciously configure the IPv6 stack on the node and redirect node traffic to the attacker controlled container. This will allow the attacker to intercept/modify traffic originating from or destined for the node. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack.

Kubernetes has disclosed a vulnerability that allows a privileged container to redirect node traffic to another container. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack. All Google Kubernetes Engine (GKE) nodes are affected by this vulnerability, and we recommend that you upgrade to the latest patch version, as we detail below.

What should I do?

• Anthos 1.3.2

Very few containers typically require CAP_NET_RAW. This and other powerful capabilities should be blocked by default through Anthos Policy Controller or by updating your Pod specs:

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigate the following vulnerability:

The vulnerability described in Kubernetes issue 91507 CAP_NET_RAW capability (which is included in the default container capability set) to maliciously configure the IPv6 stack on the node and redirect node traffic to the attacker controlled container. This will allow the attacker to intercept/modify traffic originating from or destined for the node. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack.

Kubernetes has disclosed a vulnerability that allows a privileged container to redirect node traffic to another container. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack. All Google Kubernetes Engine (GKE) nodes are affected by this vulnerability, and we recommend that you upgrade to the latest patch version, as we detail below.

What should I do?

Download the anthos-gke command line tool with the following version or newer and recreate your management and user clusters:

• aws-0.2.1-gke.7

Very few containers typically require CAP_NET_RAW. This and other powerful capabilities should be blocked by default through Anthos Policy Controller or by updating your Pod specs:

Drop the CAP_NET_RAW capability from containers with one of the following methods:

• Enforce blocking these capabilities with PodSecurityPolicy, for example:

      # Require dropping CAP_NET_RAW with a PSP
      apiversion: extensions/v1beta1
      kind: PodSecurityPolicy
      metadata:
        name: no-cap-net-raw
      spec:
        requiredDropCapabilities:
          -NET_RAW
           ...
           # Unrelated fields omitted

• Or by using Policy Controller or Gatekeeper with this constraint template and applying it, for example:

      # Dropping CAP_NET_RAW with Gatekeeper
      # (requires the K8sPSPCapabilities template)
      apiversion: constraints.gatekeeper.sh/v1beta1
      kind:  K8sPSPCapabilities
      metadata:
        name: forbid-cap-net-raw
      spec:
        match:
          kinds:
            - apiGroups: [""]
            kinds: ["Pod"]
          namespaces:
            #List of namespaces to enforce this constraint on
            - default
          # If running gatekeeper >= v3.1.0-beta.5,
          # you can exclude namespaces rather than including them above.
          excludedNamespaces:
            - kube-system
        parameters:
          requiredDropCapabilities:
            - "NET_RAW"

• Or by updating your Pod specs:

      # Dropping CAP_NET_RAW from a Pod:
      apiVersion: v1
      kind: Pod
      metadata:
        name: no-cap-net-raw
      spec:
        containers:
          -name: my-container
           ...
          securityContext:
            capabilities:
              drop:
                -NET_RAW

What vulnerability is addressed by this patch?

The patch mitigate the following vulnerability:

The vulnerability described in Kubernetes issue 91507 CAP_NET_RAW capability (which is included in the default container capability set) to maliciously configure the IPv6 stack on the node and redirect node traffic to the attacker controlled container. This will allow the attacker to intercept/modify traffic originating from or destined for the node. Mutual TLS/SSH traffic, such as between the kubelet and API server or traffic from applications using mTLS cannot be read or modified by this attack.

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-8835, allowing container escape to obtain root privileges on the host node.

Google Kubernetes Engine (GKE) Ubuntu nodes running GKE 1.16 or 1.17 are affected by this vulnerability, and we recommend that you upgrade to the latest patch version as soon as possible, as we detail below.

Nodes running Container-Optimized OS are not affected. Nodes running on Anthos clusters on VMware are not affected.

What should I do?

For most customers, no further action is required. Only nodes running Ubuntu in GKE version 1.16 or 1.17 are affected.

In order to upgrade your nodes, you must first upgrade your master to the newest version. This patch will be available in Kubernetes 1.16.8-gke.12, 1.17.4-gke.10, and newer releases. Track the availability of these patches in the release notes.

What vulnerability is addressed by this patch?

The patch mitigates the following vulnerability:

CVE-2020-8835 describes a vulnerability in the Linux kernel version 5.5.0 and newer that allows a malicious container to (with minimal user interaction in the form of an exec) read and write kernel memory and thus gain root-level code execution on the host node. This is rated as a 'High' severity vulnerability.

A vulnerability was recently discovered in Kubernetes, described in CVE-2019-11254, which allows any user authorized to make POST requests to execute a remote Denial-of-Service attack on a Kubernetes API server. The Kubernetes Product Security Committee (PSC) released additional information on this vulnerability which can be found here.

You can mitigate this vulnerability by limiting which clients have network access to your Kubernetes API servers.

What should I do?

We recommend that you upgrade your clusters to patch versions containing the fix for this vulnerability as soon as they are available.

The patch versions which contain the fix are listed below:

• Anthos 1.3.0, which runs Kubernetes version 1.15.7-gke.32

What vulnerabilities are addressed by this patch?

The patch fixes the following Denial-of-Service (DoS) vulnerability:

CVE-2019-11254.

A vulnerability was recently discovered in Kubernetes, described in CVE-2019-11254, which allows any user authorized to make POST requests to execute a remote Denial-of-Service attack on a Kubernetes API server. The Kubernetes Product Security Committee (PSC) released additional information on this vulnerability which can be found here.

GKE Clusters that use Master Authorized Networks and Private clusters with no public endpoint mitigate this vulnerability.

What should I do?

We recommend that you upgrade your cluster to a patch version containing the fix for this vulnerability.

The patch versions which contain the fix are listed below:

• 1.13.12-gke.29
• 1.14.9-gke.27