Impact
What kind of vulnerability is it? Who is impacted?
In the event the Falco kernel module crashed or blocked indefinitely, Falco would no longer receive system call events. Since Falco did not implement any mechanism to detect this event, if attackers could make such an event happen, they could potentially perform any desired action afterward without Falco being notified.
Users using Falco versions up to 0.28.0 with the kernel module are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
This problem has been addressed by #1622.
Users should upgrade to version 0.28.1 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
A version upgrade to 0.28.1 is needed.
References
Are there any links users can visit to find out more?
This vulnerability was initially reported in this security audit, and it's identified by the ID FAL-01-001.
For more information
If you have any questions or comments about this advisory:
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
leodido Analyst
Impact
What kind of vulnerability is it? Who is impacted?
In the event the Falco kernel module crashed or blocked indefinitely, Falco would no longer receive system call events. Since Falco did not implement any mechanism to detect this event, if attackers could make such an event happen, they could potentially perform any desired action afterward without Falco being notified.
Users using Falco versions up to 0.28.0 with the kernel module are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
This problem has been addressed by #1622.
Users should upgrade to version 0.28.1 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
A version upgrade to 0.28.1 is needed.
References
Are there any links users can visit to find out more?
This vulnerability was initially reported in this security audit, and it's identified by the ID
FAL-01-001.For more information
If you have any questions or comments about this advisory:
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory: