"Fixing the Linux Kernel Vulnerability CVE-2022-0185" is an inaccurate title. The post says nothing about fixing that Linux vulnerability. Rather, the post is about how kubernetes users can use AccuKnox's products to mitigate the vulnerability.
Fixing the Linux Kernel Vulnerability CVE-2022-0185
Submitted 2 years ago by CHEFKOCH@lemmy.ml to linux@lemmy.ml
https://blog.accuknox.com/how-to-protect-from-cve-2022-0185-using-accuknox-opensource-tools/
Comments
cypherpunks@lemmy.ml 2 years ago
CHEFKOCH@lemmy.ml 2 years ago
Author's choice of title - Protect from CVE-2022-0185 - I say it is a permanent fix, so my title is more accurate.
cypherpunks@lemmy.ml 2 years ago
Does it fix anything for Linux users who don't use kubernetes? The vast majority don't. The obvious way everyone should fix CVE-2022-0185 today is by upgrading their kernel. If your distro hasn't shipped an update with the fix yet, you should find a new distro.
I was hoping that this link would tell me about the process of writing the Linux kernel patch (which I of course upgraded to already) which fixed the bug.
Instead I found an advertisement for a kubernetes-related product. I have no idea if "AccuKnox" is any good, but I do know that at this point in time nobody should be "fixing" CVE-2022-0185 by installing it - the correct fix is to upgrade Linux.
Perhaps this product is a good idea for kubernetes users to mitigate the next unprivileged user namespace related vulnerability; I stopped reading when I realized it was all about kubernetes.
Another good mitigation for Linux users in general is to simply disable unprivileged user namespaces altogether :)
a_Ha@lemmy.ml 2 years ago
CVE-2022-0185
From the Ubuntu security team
Published: 18 January 2022
Mitigation
Disable unprivileged user namespaces:
sysctl -w kernel.unprivileged_userns_clone=0
Nick Haflinger is, here again, 100% right.
Sorry @CHEFKOCH@lemmy.ml I read your link up to the end.
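A check to go with the mitigation quoted in the comment above, as an added example that is not part of the thread: it reports whether unprivileged user namespaces are disabled, covering both the `kernel.unprivileged_userns_clone` sysctl from the comment (a Debian/Ubuntu kernel patch) and the upstream `user.max_user_namespaces` limit. The function name `userns_status` and its optional sysctl-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether unprivileged user
# namespaces are disabled on this host.
#
# userns_status [SYSCTL_ROOT]
#   SYSCTL_ROOT defaults to /proc/sys; the parameter is an assumption of this
#   example so the logic can be exercised against constructed files.
#   Exit status: 0 = disabled, 1 = enabled, 2 = cannot tell.
userns_status() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"   # Debian/Ubuntu kernel patch
    max="$root/user/max_user_namespaces"             # upstream kernel knob

    # An upstream limit of 0 blocks creation of any new user namespace.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 0
    fi

    # Distro knob: present only on kernels carrying the Debian/Ubuntu patch.
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then
            echo "disabled: kernel.unprivileged_userns_clone=0"
            return 0
        fi
        echo "enabled: kernel.unprivileged_userns_clone=$(cat "$clone")"
        return 1
    fi

    # No distro knob: `sysctl -w kernel.unprivileged_userns_clone=0` would
    # fail here, so the upstream limit is the only switch available.
    if [ -r "$max" ]; then
        echo "enabled: knob absent, user.max_user_namespaces=$(cat "$max")"
        return 1
    fi

    echo "unknown: neither sysctl is present under $root"
    return 2
}
```

`sysctl -w` changes only the running kernel; the setting has to be placed in a file under `/etc/sysctl.d/` to survive a reboot.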
CHEFKOCH@lemmy.ml 2 years ago
The title does not mention anything near - Mitigation.
Your workaround is Ubuntu, or more precisely kernel, specific, because most newer kernels already do this, which can, according to my link, even cause issues.
Nice try...
a_Ha@lemmy.ml 2 years ago
I understand that I didn't understand enough. I will leave this topic.