Critical OpenShift and OpenSSH Flaws Expose Linux Systems to Root Access

Tags: widely-deployed-product-advisory, open-source-dependency-vulnerability, actively-exploited-vulnerability, cloud-service-vulnerability, proof-of-concept-release

Updated April 27, 2026 at 10:01 AM. 3 sources.
Authorities warned that Red Hat OpenShift Container Platform 4 contains two high-severity vulnerabilities that can lead to code execution and node takeover in enterprise container environments. CVE-2024-45496 in ose-openshift-controller-manager-container carries a CVSS 9.9 rating and can allow arbitrary code execution on an OpenShift node when a user with developer-level access exploits insufficient restrictions on elevated privileges. CVE-2024-7387 in openshift4/ose-docker-builder, rated CVSS 9.1, can enable arbitrary command execution on an OpenShift node and may allow privilege escalation and full control of the affected node. At the time of the alert, mitigations were available but vendor patches had not yet been released.

A separate alert highlighted the regreSSHion flaw in OpenSSH, which can give an attacker unrestricted root-level access on vulnerable Linux and FreeBSD-based systems. The issue affects OpenSSH versions from 8.5p1 up to but not including 9.8p1, as well as versions earlier than 4.4p1; OpenBSD-based systems were reported as not vulnerable. Successful exploitation has been confirmed on systems using glibc, while systems using musl libc were reported as not vulnerable, and the attack currently requires repeated attempts over hours or days. A fix is available in OpenSSH 9.8p1, though some distributors have backported the patch, meaning package version numbers alone may not reliably indicate exposure.
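As an added illustration (not code from the alert or from any vendor tool), the check below classifies OpenSSH version strings against the affected ranges stated above, and treats an in-range result only as a prompt to confirm with distribution errata, since a backported fix leaves the version number unchanged. The host names and banner strings are constructed sample input.

```python
import re
from typing import Optional, Tuple

# Affected ranges as stated above: 8.5p1 <= v < 9.8p1, and any v < 4.4p1.
AFFECTED_RANGES = [((0, 0, 0), (4, 4, 1)), ((8, 5, 1), (9, 8, 1))]

_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, portable_patchlevel) from an `ssh -V` line or a
    server banner, or None when no OpenSSH version string is present.
    The patch level is None for non-portable builds, which carry no 'pN'."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    return (int(major), int(minor), int(p) if p is not None else None)


def regresshion_status(banner: str) -> str:
    """Classify one banner against the advisory's version ranges:
    'affected-range' -> version inside a vulnerable range; confirm against
                        distribution errata, because a backported fix does
                        not change the version number
    'outside-range'  -> version outside both ranges
    'non-portable'   -> no 'pN' suffix; OpenBSD builds were reported not vulnerable
    'unknown'        -> no OpenSSH version string found"""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    if v[2] is None:
        return "non-portable"
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return "affected-range"
    return "outside-range"


# Constructed sample banners (not real hosts), e.g. collected from `ssh -V`.
SAMPLE_BANNERS = {
    "web-01": "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022",
    "db-01": "OpenSSH_9.8p1, OpenSSL 3.0.13 30 Jan 2024",
    "legacy-01": "OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006",
    "bsd-01": "OpenSSH_9.7, LibreSSL 3.9.0",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host}: {regresshion_status(banner)}")
```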

Timeline

  1. Sep 17, 2024

    Critical Red Hat OpenShift 4 vulnerabilities disclosed with mitigations only

    Two high-severity vulnerabilities, CVE-2024-45496 and CVE-2024-7387, were disclosed in Red Hat OpenShift Container Platform 4 components. At the time of disclosure, mitigations were available but no corrective patches had yet been released, and users were advised to follow vendor mitigation guidance.

  2. Jul 1, 2024

    OpenSSH regreSSHion vulnerability disclosed and fixed in 9.8p1

    A critical OpenSSH vulnerability known as regreSSHion was disclosed, affecting OpenSSH versions earlier than 9.8p1 on vulnerable Linux and FreeBSD-based systems. The vendor released a fix in OpenSSH 9.8p1, while some distributors also backported the patch to older package versions.

Related Stories

OpenShift GitOps Privilege Escalation Vulnerability (CVE-2025-13888) Enables Cluster Takeover

A critical vulnerability (CVE-2025-13888) has been identified in OpenShift GitOps, allowing namespace administrators to escalate privileges and potentially take over entire Kubernetes clusters. The flaw enables authenticated attackers to create ArgoCD Custom Resources (CRs) that manipulate the system into granting elevated permissions in other namespaces, including those with privileged access. By leveraging these permissions, attackers can deploy privileged workloads on master nodes, effectively achieving root access across the cluster. Security advisories highlight that this vulnerability is remotely exploitable and poses a significant risk to organizations using OpenShift GitOps. The issue was disclosed by Red Hat, and while specific affected product versions are not detailed, the vulnerability is rated as critical with a CVSS score of 9.1. Organizations are urged to review their OpenShift GitOps deployments and apply mitigations or patches as recommended by the vendor to prevent potential exploitation and cluster compromise.

1 month ago

Red Hat OpenShift AI flaws exposed cross-namespace Llama services and service account tokens

Red Hat disclosed two high-severity vulnerabilities in OpenShift AI that could let authenticated attackers access other tenants’ resources and sensitive Kubernetes credentials. **CVE-2025-12805** affects the `llama-stack-operator`, where a missing `NetworkPolicy` left the Llama Stack service endpoint reachable across namespaces. Red Hat said a user in one namespace could directly access another user’s Llama Stack instance and potentially view or manipulate sensitive data, with the issue tracked under **CWE-653** and rated `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N`. A second flaw, **CVE-2026-5483**, impacts the `odh-dashboard` component and can expose Kubernetes Service Account tokens through a Node.js endpoint. Red Hat warned that disclosure of those tokens could enable unauthorized access to Kubernetes resources; the issue is mapped to **CWE-201** and carries the vector `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H`. Red Hat published CVE records, Bugzilla entries, and errata references for both vulnerabilities, highlighting risks to confidentiality and integrity in multi-tenant OpenShift AI deployments.

3 weeks ago

Linux Kernel Privilege Escalation CVE-2026-31431 Draws Patch and PoC Activity

`CVE-2026-31431` is a Linux kernel flaw classified as **CWE-669: Incorrect Resource Transfer Between Spheres** that can enable local privilege escalation to root and, in some cases, bypass isolation boundaries. The Canadian Centre for Cyber Security warned that the impact becomes more severe when the bug is chained with a remote code execution vulnerability, and urged organizations to identify exposed systems, apply vendor fixes, reboot after kernel updates, restrict access, enforce kernel security controls, monitor logs, and segment high-risk or Internet-facing workloads. Vendor and community activity indicates broad exposure across modern Linux platforms. Red Hat lists **RHEL 8**, **RHEL 9**, **RHEL 10**, and corresponding `kernel-rt` packages as affected, while **RHEL 6** and **RHEL 7** are marked not affected because the vulnerable code is absent. Public exploit interest accelerated after Theori published the **"Copy Fail"** technical write-up and proof-of-concept repository, which references testing on **Ubuntu 24.04 LTS**, **Amazon Linux 2023**, **RHEL 10.1**, and **SUSE 16**; Rocky Linux also published related errata, signaling downstream patch availability in enterprise Linux ecosystems.

5 days ago