GCP-2023-048

Google Cloud Platform Security Advisory

Published: 2023-12-15
Reference: CVE-2023-3390

GKE

Description and severity

The following vulnerability was discovered in the Linux kernel; it can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3390

GKE Standard and Autopilot clusters are impacted.

Clusters using GKE Sandbox aren’t impacted.

What should I do?

The following minor versions are affected. Upgrade your Container-Optimized OS node pools to one of the following patch versions or later:

  • 1.27.4-gke.400
  • 1.28.0-gke.100

The following minor versions are affected. Upgrade your Ubuntu node pools to one of the following patch versions or later:

  • 1.24.14-gke.1027001
  • 1.25.12-gke.900
  • 1.26.5-gke.1014001
  • 1.27.4-gke.900
  • 1.28.1-gke.1050000

You can apply patch versions from newer release channels if your cluster runs the same minor version in its own release channel. This feature lets you secure your nodes until the patch version becomes the default in your release channel. For details, see Run patch versions from a newer channel.

Severity: High
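
A way to check node pools against the GKE patch versions listed above, as an added example that is not part of the advisory. The pool records are constructed and follow the `version` and `config.imageType` fields of the GKE NodePool resource, and the function names are hypothetical. It assumes the `-gke.N` suffix orders numerically, and it reports image/minor combinations the advisory does not list as "not listed" rather than guessing.

```python
import re

# Fixed patch versions copied from the advisory, keyed by image family, then minor.
FIXED = {
    "cos": {"1.27": "1.27.4-gke.400", "1.28": "1.28.0-gke.100"},
    "ubuntu": {
        "1.24": "1.24.14-gke.1027001",
        "1.25": "1.25.12-gke.900",
        "1.26": "1.26.5-gke.1014001",
        "1.27": "1.27.4-gke.900",
        "1.28": "1.28.1-gke.1050000",
    },
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")

def parse(version):
    """'1.27.4-gke.400' -> (1, 27, 4, 400). Assumption: the gke build compares numerically."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not a GKE version string: {version!r}")
    return tuple(int(g) for g in m.groups())

def family(image_type):
    """Map an imageType such as 'COS_CONTAINERD' or 'UBUNTU' to 'cos' or 'ubuntu'."""
    t = image_type.lower()
    for name in ("cos", "ubuntu"):
        if t.startswith(name):
            return name
    return None  # e.g. Windows node images, which the advisory does not mention

def assess(pool):
    """Return 'patched', 'upgrade to <version>', or 'not listed' for one node pool."""
    v = parse(pool["version"])
    fixed = FIXED.get(family(pool["config"]["imageType"]), {}).get(f"{v[0]}.{v[1]}")
    if fixed is None:
        return "not listed"  # the advisory gives no patch version for this image/minor
    return "patched" if v >= parse(fixed) else f"upgrade to {fixed}"

# Constructed sample records (not real cluster output).
POOLS = [
    {"name": "cos-old", "version": "1.27.3-gke.100", "config": {"imageType": "COS_CONTAINERD"}},
    {"name": "cos-ok", "version": "1.27.4-gke.400", "config": {"imageType": "COS_CONTAINERD"}},
    {"name": "ubu-old", "version": "1.27.4-gke.400", "config": {"imageType": "UBUNTU_CONTAINERD"}},
    {"name": "cos-126", "version": "1.26.5-gke.1200", "config": {"imageType": "COS"}},
]

if __name__ == "__main__":
    for p in POOLS:
        print(f'{p["name"]}: {assess(p)}')
```

The same version `1.27.4-gke.400` is patched on a Container-Optimized OS pool but not on an Ubuntu pool, which is why the check is keyed by image type as well as minor version.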

GKE on VMware

Description and severity

The following vulnerability was discovered in the Linux kernel; it can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3390

What should I do?

Severity: Pending

GKE on AWS

Description and severity

The following vulnerability was discovered in the Linux kernel; it can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3390

What should I do?

Severity: Pending

GKE on Azure

Description and severity

The following vulnerability was discovered in the Linux kernel; it can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3390

What should I do?

Severity: Pending

GKE on Bare Metal

Description and severity

The following vulnerability was discovered in the Linux kernel; it can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3390

What should I do?

There is no action required. GKE on Bare Metal isn’t affected as it does not bundle an operating system in its distribution.

Severity: None
