Google Kubernetes Engine (GKE) - June 21st, 2023 [Feature, Security]

## Security A new vulnerability, CVE-2023-0468, has been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges to root when io\_poll\_get\_ownership will keep increasing req->poll\_refs on every io\_poll\_wake then overflow to 0 which will fput req->file twice and cause a struct file refcount issue. GKE clusters, including Autopilot clusters, with Container-Optimized OS using Linux Kernel version 5.15 are affected. GKE clusters using Ubuntu images or using GKE Sandbox are unaffected. For instructions and more details, see the [GKE security bulletin](https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2023-015-gke). ## Feature GKE support for [Hyperdisk Throughput and Hyperdisk Extreme](https://cloud.google.com/kubernetes-engine/docs/concepts/hyperdisk) as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.26 and later.