Property
Language: terraform
Severity: medium
Vulnerability Type: misconfiguration

Description

The configuration sets unsafe sysctl options in Kubernetes pod security contexts, allowing modification of kernel parameters that are not part of the allowed safe subset. This can weaken isolation between pods and potentially disable important security mechanisms.

Impact

Exploiting unsafe sysctl settings can let attackers interfere with kernel-level behavior, affect other containers on the same host, and bypass security boundaries, increasing the risk of container breakout, denial of service, or broader system compromise.

Resolution

Do not set 'spec.securityContext.sysctls', or set it only to sysctls in the allowed safe subset (namespaced sysctls that Kubernetes treats as safe by default).
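Added example (not from the page or the scanner's own test cases): a kubernetes_pod resource that would be flagged, beside one that stays within the safe subset. The block names follow the Terraform kubernetes provider's kubernetes_pod schema as assumed here (spec > security_context > sysctl), and the image and sysctl values are constructed sample data.

```terraform
# Flagged: net.core.somaxconn is not in the Kubernetes safe sysctl set.
# A kubelet only allows it if an operator explicitly opts in via
# --allowed-unsafe-sysctls, which widens the host kernel surface for every
# pod scheduled on that node.
resource "kubernetes_pod" "unsafe_sysctl" {
  metadata {
    name = "unsafe-sysctl"
  }
  spec {
    security_context {
      sysctl {
        name  = "net.core.somaxconn"
        value = "1024"
      }
    }
    container {
      name  = "app"
      image = "nginx:1.25" # constructed sample image
    }
  }
}

# Passes: only namespaced sysctls from the safe subset are set.
# Safe subset (upstream Kubernetes): kernel.shm_rmid_forced,
# net.ipv4.ip_local_port_range, net.ipv4.tcp_syncookies,
# net.ipv4.ping_group_range, net.ipv4.ip_unprivileged_port_start.
resource "kubernetes_pod" "safe_sysctl" {
  metadata {
    name = "safe-sysctl"
  }
  spec {
    security_context {
      sysctl {
        name  = "net.ipv4.tcp_syncookies"
        value = "1"
      }
      sysctl {
        name  = "net.ipv4.ip_local_port_range"
        value = "32768 60999"
      }
    }
    container {
      name  = "app"
      image = "nginx:1.25" # constructed sample image
    }
  }
}
```

Dropping the security_context block entirely from the first resource is the simplest fix when the application does not actually need the tuning.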