CVE-2022-0492

CVE Database · CVE-2022-0492

CVE-2022-0492

· HIGHModified

CVSS v3.1

7.8

EPSS

5.50%

Published

Mar 3, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287CWE-862

Affected Products (50)

linux · linux_kernel (up to 4.9.301)vulnerable

linux · linux_kernel (up to 4.14.266)vulnerable

linux · linux_kernel (up to 4.19.229)vulnerable

linux · linux_kernel (up to 5.4.177)vulnerable

linux · linux_kernel (up to 5.10.97)vulnerable

linux · linux_kernel (up to 5.15.20)vulnerable

linux · linux_kernel (up to 5.16.6)vulnerable

linux · linux_kernelvulnerable

linux · linux_kernel

References (20)

http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html

https://bugzilla.redhat.com/show_bug.cgi?id=2051505

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

debian · debian_linuxvulnerable

redhat · codeready_linux_buildervulnerable

redhat · codeready_linux_builder_for_power_little_endianvulnerable

redhat · virtualization_hostvulnerable

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_eusvulnerable

redhat · enterprise_linux_for_ibm_z_systemsvulnerable

redhat · enterprise_linux_for_ibm_z_systems_eusvulnerable

redhat · enterprise_linux_for_power_little_endianvulnerable

redhat · enterprise_linux_for_power_little_endian_eusvulnerable

redhat · enterprise_linux_for_real_time_for_nfv_tusvulnerable

redhat · enterprise_linux_for_real_time_tusvulnerable

redhat · enterprise_linux_server_ausvulnerable

redhat · enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsvulnerable

redhat · enterprise_linux_server_tusvulnerable

redhat · enterprise_linux_server_update_services_for_sap_solutionsvulnerable

canonical · ubuntu_linuxvulnerable

fedoraproject · fedoravulnerable

netapp · solidfire\,_enterprise_sds_\&_hci_storage_nodevulnerable

netapp · solidfire_\&_hci_management_nodevulnerable

netapp · h300evulnerable

netapp · h300svulnerable

netapp · h410cvulnerable

netapp · h410svulnerable

netapp · h500evulnerable

netapp · h500svulnerable

netapp · h700evulnerable

netapp · h700svulnerable

netapp · hci_compute_nodevulnerable

https://bugzilla.redhat.com/show_bug.cgi?id=2051505

Issue TrackingPatchThird Party Advisory