CVE-2022-0492

Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 5.24%• Percentile: 90%

Techniques & Countermeasures

• CWE-287•Improper Authentication

  When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

• CWE-862•Missing Authorization

  The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04 | 20.04 | 22.04

• debian•debian_linux

  9.0 | 10.0 | 11.0

• fedoraproject•fedora

  35

• linux•linux_kernel

  ≥ 2.6.24, < 4.9.301 | ≥ 4.10, < 4.14.266 | ≥ 4.15, < 4.19.229 | ≥ 4.20, < 5.4.177 | ≥ 5.5, < 5.10.97 | ≥ 5.11, < 5.15.20 | ≥ 5.16, < 5.16.6 | 5.17:rc1 | 5.17:rc2

• netapp•h300e

  na

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500e

  na

• netapp•h500s_firmware

  na

• netapp•h700e

  na

• netapp•h700s_firmware

  na

• netapp•hci_compute_node_firmware

  na

• netapp•solidfire_\&_hci_management_node

  na

• netapp•solidfire\,_enterprise_sds_\&_hci_storage_node

  na

• redhat•codeready_linux_builder

  8.0 | 8.2

• redhat•codeready_linux_builder_for_power_little_endian

  8.0 | 8.2

• redhat•enterprise_linux

  8.0

• redhat•enterprise_linux_eus

  8.2

• redhat•enterprise_linux_for_ibm_z_systems

  8.0

• redhat•enterprise_linux_for_ibm_z_systems_eus

  8.0

• redhat•enterprise_linux_for_power_little_endian

  8.0

• redhat•enterprise_linux_for_power_little_endian_eus

  8.0

• redhat•enterprise_linux_for_real_time_for_nfv_tus

  8.0 | 8.2

• redhat•enterprise_linux_for_real_time_tus

  8.0 | 8.2

• redhat•enterprise_linux_server_aus

  8.2

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  8.1 | 8.2

• redhat•enterprise_linux_server_tus

  8.2

• redhat•enterprise_linux_server_update_services_for_sap_solutions

  8.1 | 8.2

• redhat•virtualization_host

  4.0

References (11)

• https://bugzilla.redhat.com/show_bug.cgi?id=2051505
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
• https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
• https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
• https://www.debian.org/security/2022/dsa-5095
• https://www.debian.org/security/2022/dsa-5096
• http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
• https://security.netapp.com/advisory/ntap-20220419-0002/
• http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
• http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0492