GCP-2023-035

Google Cloud Platform Security Advisory

Published: 2023-10-26
Reference: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4128

GKE

DescriptionSeverity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208
  • CVE-2023-4128

Autopilot clusters are impacted.

Clusters using GKE Sandbox are not impacted.

What should I do?

Upgrade your Container-Optimized OS node pools to one of the following versions or later:

  • 1.24.14-gke.1027001
  • 1.25.13-gke.1008000
  • 1.26.8-gke.1647000
  • 1.27.5-gke.200

Upgrade your Ubuntu node pools to one of the following versions or later:

  • 1.24.14-gke.1027001
  • 1.25.13-gke.1706000
  • 1.26.8-gke.1647000
  • 1.27.5-gke.1648000
  • 1.28.1-gke.1050000
High

Anthos clusters on VMware

DescriptionSeverity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208
  • CVE-2023-4128

What should I do?

High

Anthos clusters on AWS

DescriptionSeverity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208
  • CVE-2023-4128

What should I do?

High

Anthos on Azure

DescriptionSeverity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208
  • CVE-2023-4128

What should I do?

High

Anthos clusters on bare metal

DescriptionSeverity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208
  • CVE-2023-4128

What should I do?

There is no action required. Anthos clusters on bare metal are not affected as it does not bundle an operating system in its distribution.

High

CLICK FOR MORE INFORMATION