GCP-2023-042

Google Cloud Platform Security Advisory

Published: 2023-11-13
Reference: CVE-2023-4147

GKE

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

GKE Standard clusters are impacted. GKE Autopilot clusters aren’t impacted.

Clusters using GKE Sandbox aren’t impacted.

What should I do?

Upgrade your Container-Optimized OS node pools to one of the following versions or later:

  • 1.27.5-gke.200
  • 1.28.2-gke.1157000

Upgrade your Ubuntu node pools to one of the following versions or later:

  • 1.25.14-gke.1421000
  • 1.26.9-gke.1437000
  • 1.27.6-gke.1248000
  • 1.28.2-gke.1157000

You can apply patch versions from newer release channels if your cluster runs the same minor version in its own release channel. This feature lets you secure your nodes until the patched version becomes the default in your release channel. For details, see Run patch versions from a newer channel.
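A version check for the upgrade guidance above, written as an added example; it is not part of the advisory or of Google's tooling. It compares each node pool's version numerically against the patched build for its image family and minor version, since a plain string comparison would mis-order values such as `gke.200` and `gke.1000`. The pool names and versions in `SAMPLE_POOLS` are constructed, treating a minor newer than every listed one as "or later" is an assumption, and the Autopilot and GKE Sandbox exemptions are not modelled.

```python
import re

# Minimum patched GKE node versions, copied from the advisory above.
PATCHED = {
    "cos": ["1.27.5-gke.200", "1.28.2-gke.1157000"],
    "ubuntu": ["1.25.14-gke.1421000", "1.26.9-gke.1437000",
               "1.27.6-gke.1248000", "1.28.2-gke.1157000"],
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")

def parse(version):
    """Turn '1.27.5-gke.200' into (1, 27, 5, 200) so fields compare numerically."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not a GKE version string: {version!r}")
    return tuple(int(part) for part in m.groups())

def status(image_type, version):
    """Return 'patched', 'upgrade' or 'not-listed' for one node pool."""
    family = next((f for f in PATCHED if image_type.lower().startswith(f)), None)
    if family is None:
        return "not-listed"  # image family the advisory gives no versions for
    current = parse(version)
    floors = sorted(parse(v) for v in PATCHED[family])
    for floor in floors:
        if floor[:2] == current[:2]:  # same minor: compare against its fix
            return "patched" if current >= floor else "upgrade"
    # Assumption: a minor newer than every listed one counts as "or later";
    # an older minor has no fixed build listed and must move to a listed one.
    return "patched" if current[:2] > floors[-1][:2] else "upgrade"

# Constructed inventory (pool name, image type, node version), not real data.
SAMPLE_POOLS = [
    ("default-pool", "COS_CONTAINERD", "1.27.4-gke.900"),
    ("batch", "COS_CONTAINERD", "1.27.5-gke.1000"),
    ("legacy", "COS_CONTAINERD", "1.26.9-gke.1437000"),
    ("gpu", "UBUNTU_CONTAINERD", "1.26.10-gke.100"),
    ("win", "WINDOWS_LTSC_CONTAINERD", "1.27.4-gke.900"),
]

def audit(pools):
    return {name: status(image, version) for name, image, version in pools}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_POOLS).items():
        print(f"{name:14} {result}")
```

The `legacy` pool shows the case that is easy to miss: its version is a patched build for Ubuntu, but the Container-Optimized OS list has no 1.26 entry, so that pool still needs an upgrade.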

Severity: High

Anthos clusters on VMware

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

What should I do?

Pending

Anthos clusters on AWS

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

What should I do?

Pending

Anthos on Azure

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

What should I do?

Pending

Anthos clusters on bare metal

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

What should I do?

No action is required. Anthos clusters on bare metal aren’t affected because the product does not bundle an operating system in its distribution.

Severity: None
