Linux Kernel cgroups Vulnerability CVE-2022-0492

This is a high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary code against the container host.

CVSS score: 7.0
Risk: Privilege escalation

The issue is a privilege escalation flaw in the Linux kernel feature called control groups (cgroups), which limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Specifically, the flaw is in cgroups version 1 (v1), which allows processes to be organized into hierarchical groups so that their resource usage can be limited and monitored.
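Because the flaw is in cgroups v1, a first triage step is to see which hosts still mount v1 hierarchies. The following Python script is an added example, not code from the kernel project or the vendor advisories; it parses /proc/mounts-style text, and the sample mount table, controller list and function names are constructed for illustration.

```python
import re

# Controller names that appear as mount options on cgroup v1 hierarchies.
KNOWN_CONTROLLERS = {"cpu", "cpuacct", "cpuset", "memory", "devices", "freezer",
                     "net_cls", "net_prio", "blkio", "perf_event", "hugetlb",
                     "pids", "rdma"}

# Constructed sample of /proc/mounts from a hybrid (v1 + v2) host, not real output.
SAMPLE_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def cgroup_mounts(mounts_text):
    """Return one record per cgroup (v1) or cgroup2 (v2) mount in the text."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("cgroup", "cgroup2"):
            continue
        opts = fields[3].split(",")
        found.append({
            "version": 1 if fields[2] == "cgroup" else 2,
            "mountpoint": _unescape(fields[1]),
            "read_only": "ro" in opts,
            "controllers": sorted(KNOWN_CONTROLLERS.intersection(opts)),
        })
    return found

def classify(mounts_text):
    """'v1', 'hybrid', 'unified' or 'none', depending on which versions are mounted."""
    versions = {m["version"] for m in cgroup_mounts(mounts_text)}
    return {(1,): "v1", (1, 2): "hybrid", (2,): "unified"}.get(tuple(sorted(versions)), "none")

if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample off-Linux
    print("cgroup layout:", classify(text))
    for m in (m for m in cgroup_mounts(text) if m["version"] == 1):
        print("v1 hierarchy:", m["mountpoint"], m["controllers"], "ro" if m["read_only"] else "rw")
```

Hosts that report `v1` or `hybrid` are the ones to check first against the distribution advisories for a fixed kernel package.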

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.

The Linux distributions SUSE, Ubuntu, and Red Hat have also published their own advisories.

Red Hat advisory: https://access.redhat.com/security/cve/cve-2022-0492
Ubuntu advisory: https://ubuntu.com/security/CVE-2022-0492
Debian: https://security-tracker.debian.org/tracker/CVE-2022-0492
SUSE: https://www.suse.com/security/cve/CVE-2022-0492.html