CVE-2022-0185: How to Identify At-Risk Kernel Versions in Your K8S Cluster

Written By: Andy Suderman

Identify Kernel Version in Kubernetes Clusters

Insights OPA Policy

    package fairwinds

    # True when the node's kernel version exactly matches an allowed version.
    allowedKernelVersion(elem) {
        v := elem.parameters.kernelVersions[_]
        elem.status.nodeInfo.kernelVersion == v
    }

    # Emit an action item for any Node whose kernel is not on the allowed list.
    unsupportedKernel[actionItem] {
        not allowedKernelVersion(input)
        actionItem := {
            "title": "Kernel Version is Unsupported",
            "description": sprintf("kernel version %s is unsupported", [input.status.nodeInfo.kernelVersion]),
            "severity": 0.5,
            "remediation": "Update the base image version.",
            "category": "Security"
        }
    }

    # Policy parameters (allowed kernel versions) and the resource kinds it targets.
    parameters:
      kernelVersions:
        - 5.11.0-1027-aws
    targets:
      - apiGroups:
          - ''
        kinds:
          - Node

    kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.kernelVersion}{"\n"}{end}'
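
A local version of the same allowlist check, as an added example that is not from the original article or from Fairwinds Insights: it reads the name/kernel lines that the kubectl command above prints and flags every node whose kernel is not an exact match for an allowed version, mirroring the policy's `==` comparison. The function names and the sample node lines are assumptions constructed for illustration.

```shell
# unsupported_kernel_nodes ALLOWED_VERSION...
# Reads "nodeName<TAB>kernelVersion" lines on stdin and prints one
# "nodeName<TAB>kernelVersion" line per node that fails the allowlist.
# Matching is exact, like the Rego rule: a node on a newer patched kernel
# is still flagged until that version string is added to the list.
# Returns 0 when every node passes, 1 when at least one node is flagged.
unsupported_kernel_nodes() {
  awk -F '\t' -v allowed="$*" '
    BEGIN {
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF == 0 { next }                      # skip blank lines
    NF < 2 || $2 == "" {                  # fail closed: no version reported
      print $1 "\t<unknown>"; bad = 1; next
    }
    !($2 in ok) { print $1 "\t" $2; bad = 1 }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample input (not real cluster output): one allowed kernel,
# one kernel missing from the allowlist, one node with an empty version.
sample_nodes() {
  printf 'node-a\t5.11.0-1027-aws\n'
  printf 'node-b\t5.4.0-1045-aws\n'
  printf 'node-c\t\n'
}

# Demo on the constructed sample. Against a live cluster, pipe the kubectl
# jsonpath command shown above into the function instead of sample_nodes.
sample_nodes | unsupported_kernel_nodes 5.11.0-1027-aws || true
```

The non-zero return status lets the check gate a CI job or a node-image rollout script.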

Fairwinds

Fairwinds — The Kubernetes Enablement Company | Editor of uptime 99