CVE-2022-0492

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-03-2022 08:15

Last modified: - 26-10-2022 01:44

Total changes: - 11

Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
https://bugzilla.redhat.com/show_bug.cgi?id=2051505
[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update-Mailing List, Third Party Advisory
[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update-Mailing List, Third Party Advisory
DSA-5096-Third Party Advisory
DSA-5095-Third Party Advisory
http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
https://security.netapp.com/advisory/ntap-20220419-0002/
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html

Keywords

CVE-2022-0492

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-0492

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures