A vulnerability has been found in Cilium 1.13.0 and classified as problematic. This vulnerability affects some unknown processing of the component eBPF. The manipulation with an unknown input leads to a exceptional condition vulnerability. The CWE definition for the vulnerability is CWE-755. The software does not handle or incorrectly handles an exceptional condition. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.

The weakness was presented 03/18/2023 as GHSA-r5x6-w42p-jhpp. The advisory is shared for download at github.com. This vulnerability was named CVE-2023-27595 since 03/04/2023. There are neither technical details nor an exploit publicly available.

Upgrading to version 1.13.1 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Productinfo

Name

• Cilium

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion