TF 0302 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Unsafe sysctl options set
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
The pod security context ('spec.securityContext.sysctls') sets kernel parameters that are outside the subset Kubernetes classifies as safe. Kubernetes treats only a small set of namespaced sysctls as safe (for example kernel.shm_rmid_forced, net.ipv4.ip_local_port_range and net.ipv4.tcp_syncookies), because they are isolated per pod and cannot affect other workloads on the node. Every other sysctl is considered unsafe, is disabled by default, and can only be set when the kubelet on the node explicitly allows it. Permitting unsafe sysctls weakens the isolation between pods and can disable security mechanisms in the kernel that other workloads and the host rely on.
Impact
A pod that is allowed to set unsafe sysctls can change kernel-level behaviour that is shared with other containers on the same node, affect those containers, and bypass isolation boundaries the container runtime depends on, increasing the risk of container breakout, denial of service, or broader compromise of the host.
Resolution
Do not set 'spec.securityContext.sysctls', or list only sysctls from the safe subset. Sysctls can only be set at the pod level, so check the pod security context of Pods and of the pod templates in Deployments, StatefulSets, DaemonSets and Jobs. If a workload genuinely needs an unsafe sysctl, the kubelet on the target nodes must allow it explicitly with '--allowed-unsafe-sysctls', and those pods should be confined to such nodes with a taint and a matching toleration. The baseline level of the Pod Security Standards rejects any sysctl outside the safe subset, so enforcing it with Pod Security Admission catches this misconfiguration at admission time.
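The check described on this page, written out as an added example (it is not code from the Symbiotic database or from Kubernetes): two constructed pod manifests, one setting unsafe sysctls and one corrected to the safe subset, plus a small scanner that reports every sysctl outside the safe set. The function names, the manifests, and the treatment of the kubelet allow-list as exact names or trailing-'*' prefixes are assumptions for illustration; the safe list is the one published in the Kubernetes documentation for v1.29 and should be trimmed for older clusters.

```python
"""Flag Kubernetes pod specs whose securityContext.sysctls leave the safe subset."""

# Sysctls Kubernetes treats as "safe": namespaced and isolated from other pods
# on the node. List as published for Kubernetes v1.29; older kubelets recognise
# a shorter subset, so trim this to match the cluster being scanned.
SAFE_SYSCTLS = frozenset({
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
    "net.ipv4.ip_local_reserved_ports",
    "net.ipv4.tcp_keepalive_time",
    "net.ipv4.tcp_fin_timeout",
    "net.ipv4.tcp_keepalive_intvl",
    "net.ipv4.tcp_keepalive_probes",
})


def pod_spec(manifest):
    """Return the PodSpec of a Pod, or of a workload that carries a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    # Deployment, StatefulSet, DaemonSet, Job, ... keep the PodSpec under spec.template.spec
    return spec.get("template", {}).get("spec", {})


def _explicitly_allowed(name, allowed_unsafe):
    """Assumed model of the kubelet --allowed-unsafe-sysctls flag: exact names or 'prefix*'."""
    for pattern in allowed_unsafe:
        if pattern.endswith("*"):
            if name.startswith(pattern[:-1]):
                return True
        elif name == pattern:
            return True
    return False


def unsafe_sysctls(manifest, allowed_unsafe=()):
    """Return the sorted names in spec.securityContext.sysctls that are neither safe
    nor covered by the node's explicit allow-list (empty list means the check passes)."""
    security_context = pod_spec(manifest).get("securityContext") or {}
    offending = set()
    for entry in security_context.get("sysctls") or []:
        # Kubernetes accepts "net/core/somaxconn" as well as "net.core.somaxconn";
        # normalise so a slash-separated name cannot slip past the comparison.
        name = entry["name"].replace("/", ".")
        if name in SAFE_SYSCTLS or _explicitly_allowed(name, allowed_unsafe):
            continue
        offending.add(name)
    return sorted(offending)


# Constructed sample manifests (JSON form of the YAML a user would apply).
VULNERABLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "sysctl-demo"},
    "spec": {
        "securityContext": {"sysctls": [
            {"name": "kernel.shm_rmid_forced", "value": "1"},   # safe
            {"name": "net.core.somaxconn", "value": "1024"},    # unsafe: not namespaced
            {"name": "kernel.msgmax", "value": "65536"},        # unsafe
        ]},
        "containers": [{"name": "app", "image": "nginx"}],
    },
}

FIXED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "sysctl-demo"},
    "spec": {
        "securityContext": {"sysctls": [
            {"name": "kernel.shm_rmid_forced", "value": "1"},
            {"name": "net.ipv4.ip_local_port_range", "value": "32768 60999"},
        ]},
        "containers": [{"name": "app", "image": "nginx"}],
    },
}

# Same misconfiguration hidden in a Deployment template, using the slash form.
VULNERABLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {"sysctls": [{"name": "net/core/somaxconn", "value": "4096"}]},
        "containers": [{"name": "app", "image": "nginx"}],
    }}},
}


if __name__ == "__main__":
    for label, manifest in [("vulnerable pod", VULNERABLE_POD),
                            ("fixed pod", FIXED_POD),
                            ("vulnerable deployment", VULNERABLE_DEPLOYMENT)]:
        print(f"{label}: unsafe sysctls = {unsafe_sysctls(manifest)}")
```

Passing 'allowed_unsafe' mirrors a node whose kubelet was started with '--allowed-unsafe-sysctls'; a finding that disappears only because of that argument still means the pod must be pinned to those nodes, and it will still be rejected by the baseline Pod Security Standard.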