NULL Pointer Dereference Affecting cri-o package, versions <0:1.23.3-1.el7
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE7-CRIO-2948595
- published 12 Jul 2022
- disclosed 9 Jun 2022
Introduced: 9 Jun 2022
CVE-2022-29224 Open this link in a new tabHow to fix?
Upgrade Oracle:7 cri-o to version 0:1.23.3-1.el7 or higher.
This issue was patched in ELSA-2022-9589.
NVD Description
Note: Versions mentioned in the description apply only to the upstream cri-o package and not the cri-o package as distributed by Oracle.
See How to fix? for Oracle:7 relevant fixed versions and status.
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.
References
- https://linux.oracle.com/cve/CVE-2022-29224.html
- https://linux.oracle.com/errata/ELSA-2022-9586.html
- https://linux.oracle.com/errata/ELSA-2022-9587.html
- https://linux.oracle.com/errata/ELSA-2022-9588.html
- https://linux.oracle.com/errata/ELSA-2022-9589.html
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49
- https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db