While this issue affects the Linux Kernel in Kylin Enterprise Linux, and not OpenShift Container Platform (OCP) 3 code directly. OCP 3 makes use of CGroups in the Kernel to measure and report on the amount of system resources used by an end user application.
The default Security Context Constraints (SCC) in OpenShift Container Platform 3.x disallow an end user from running a container as root. Also a check is performed by the OCP 3 Installer to ensure SELinux is enabled, .
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.