GCP-2024-041

Google Cloud Platform Security Advisory

Published: 2024-07-08
Reference: CVE-2023-52654, CVE-2023-52656

GKE

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

GKE Standard and Autopilot clusters are impacted.

Clusters using GKE Sandbox aren’t impacted.

What should I do?

The following minor versions are affected. Upgrade your Container-Optimized OS node pools to one of the following patch versions or later:

  • 1.26.15-gke.1300000
  • 1.27.13-gke.1166000
  • 1.28.9-gke.1209000
  • 1.29.4-gke.1542000

You can apply patch versions from newer release channels if your cluster runs the same minor version in its own release channel. This feature lets you secure your nodes until the patch version becomes the default in your release channel. For details, see Run patch versions from a newer channel.

High
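To check node pools against the GKE patch versions listed above, this added example (not part of the advisory) classifies each pool from JSON shaped like the output of `gcloud container node-pools list --format=json`. The sample pool names and versions are constructed, and non-COS pools are reported separately because the advisory lists fixed versions only for Container-Optimized OS node pools.

```python
import json
import re

# Fixed patch versions for Container-Optimized OS node pools, as listed in the advisory.
FIXED = {
    (1, 26): "1.26.15-gke.1300000",
    (1, 27): "1.27.13-gke.1166000",
    (1, 28): "1.28.9-gke.1209000",
    (1, 29): "1.29.4-gke.1542000",
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse(version):
    """Return (major, minor, patch, gke_build) as ints so comparison is numeric."""
    m = _VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unrecognized GKE version: {version!r}")
    return tuple(int(part) for part in m.groups())


def classify(pool):
    """Classify one node pool dict (keys: name, version, config.imageType)."""
    if not pool["config"]["imageType"].upper().startswith("COS"):
        return "no-fix-listed"      # advisory lists fixes for COS node pools only
    ver = parse(pool["version"])
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "minor-not-listed"   # advisory gives no patch version for this minor
    return "patched" if ver >= parse(fixed) else "upgrade"


def report(pools):
    """Map node pool name to its classification."""
    return {pool["name"]: classify(pool) for pool in pools}


# Constructed sample input; pool names and versions are illustrative only.
SAMPLE = json.loads("""[
  {"name": "cos-old",  "version": "1.27.9-gke.1092000", "config": {"imageType": "COS_CONTAINERD"}},
  {"name": "cos-edge", "version": "1.28.9-gke.1209000", "config": {"imageType": "COS_CONTAINERD"}},
  {"name": "cos-new",  "version": "1.29.5-gke.1091002", "config": {"imageType": "COS_CONTAINERD"}},
  {"name": "ubuntu",   "version": "1.29.4-gke.1542000", "config": {"imageType": "UBUNTU_CONTAINERD"}},
  {"name": "cos-130",  "version": "1.30.1-gke.1329000", "config": {"imageType": "COS_CONTAINERD"}}
]""")

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name:10} {status}")
```

Versions are compared as integer tuples because a string comparison would rank `1.27.9` above `1.27.13` and miss the unpatched pool.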

GDC (VMware)

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

What should I do?

Pending

GKE on AWS

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

What should I do?

Pending

GKE on Azure

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

What should I do?

Pending

GDC (bare metal)

Description | Severity

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

What should I do?

There is no action required. GDC software for bare metal isn’t affected as it does not bundle an operating system in its distribution.

None
