What is the severity of CVE-2022-31076?

CVE-2022-31076 is considered a critical severity vulnerability due to the potential for remote denial-of-service attacks.

How do I fix CVE-2022-31076?

To fix CVE-2022-31076, upgrade KubeEdge to version 1.10.0 or later, as the issue has been addressed in these versions.

What versions of KubeEdge are affected by CVE-2022-31076?

CVE-2022-31076 affects KubeEdge versions prior to 1.10.0 and version 1.9.3.

What is the impact of CVE-2022-31076?

The impact of CVE-2022-31076 is that a malicious message can cause CloudCore to crash, resulting in service disruption.

Is CVE-2022-31076 exploitable remotely?

Yes, CVE-2022-31076 is exploitable remotely, allowing attackers to send malicious messages that can crash the service.

Vulnerability/
CVE-2022-31076

medium

5.7

CWE

476

27/6/2022

3/8/2024

CVE-2022-31076: Malicious Message can crash CloudCore in KubeEdge

First published: Mon Jun 27 2022(Updated: )

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
KubeEdge	<1.9.3
KubeEdge	=1.10.0
KubeEdge	=1.10.0-beta0

Remedy

https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-31076?
CVE-2022-31076 is considered a critical severity vulnerability due to the potential for remote denial-of-service attacks.
How do I fix CVE-2022-31076?
To fix CVE-2022-31076, upgrade KubeEdge to version 1.10.0 or later, as the issue has been addressed in these versions.
What versions of KubeEdge are affected by CVE-2022-31076?
CVE-2022-31076 affects KubeEdge versions prior to 1.10.0 and version 1.9.3.
What is the impact of CVE-2022-31076?
The impact of CVE-2022-31076 is that a malicious message can cause CloudCore to crash, resulting in service disruption.
Is CVE-2022-31076 exploitable remotely?
Yes, CVE-2022-31076 is exploitable remotely, allowing attackers to send malicious messages that can crash the service.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/remedy
agent/title
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/linuxfoundation
canonical/kubeedge
version/kubeedge/1.10.0
version/kubeedge/1.10.0-beta0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.