oss-sec mailing list archives

CVE-2022-0492: Linux kernel cgroups v1 missing capabilities check when setting release_agent


From: Tabitha Sable <tabitha.c.sable () gmail com>
Date: Fri, 4 Feb 2022 10:56:19 -0600

Hello all,

It has been discovered that under certain circumstances, the Linux kernel’s
cgroups v1 release_agent feature can be used to escalate privilege and
bypass namespace isolation unexpectedly.

CVE-2022-0492 has been assigned to this issue, which is corrected by
requiring CAP_SYS_ADMIN in the initial user namespace when setting
release_agent. This has been included upstream in commit
24f6008564183aa120d07c03d9289519c2fe02af
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af).

Thank you to Yiqi Sun and Kevin Wang of Huawei Security Team for disclosing
their work that led to this fix.

Cheers,

Tabitha Sable
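The fix ties two conditions together: the writer must hold CAP_SYS_ADMIN, and it must hold it in the initial user namespace. The following audit helper is an added example (not part of Tabitha's post or of the kernel fix) that inventories the same ingredients on a host from a defender's side: which cgroup v1 hierarchies are mounted (only v1 hierarchies carry a release_agent file; cgroup2 does not), whether the calling process holds CAP_SYS_ADMIN according to its CapEff mask, and, as a heuristic, whether it lives in the initial user namespace. The /proc/mounts and /proc/self/status inputs below are constructed samples; the function names and the namespace-inode comparison are this example's own choices, not anything from the advisory.

```python
"""Audit helper for the conditions CVE-2022-0492's fix checks: cgroup v1
hierarchies present, CAP_SYS_ADMIN held, and initial user namespace.
Added example; not from the advisory or the kernel patch."""
import os
import re

CAP_SYS_ADMIN = 21  # capability bit number from linux/capability.h

# Constructed sample of /proc/mounts lines (not captured from a real host).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/rdma cgroup rw,nosuid,nodev,noexec,relatime,rdma 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime 0 0
"""

# Constructed samples of /proc/self/status; 0x200000 is exactly bit 21.
SAMPLE_STATUS_ADMIN = "Name:\tbash\nCapInh:\t0000000000000000\nCapEff:\t0000000000200000\n"
SAMPLE_STATUS_NONE = "Name:\tbash\nCapEff:\t0000000000000000\n"

GENERIC_MOUNT_OPTS = {"rw", "ro", "nosuid", "nodev", "noexec", "relatime", "noatime"}


def cgroup_v1_mounts(mounts_text):
    """Return {mountpoint: [controllers]} for cgroup v1 hierarchies.

    v1 hierarchies have fstype 'cgroup'; v2 uses 'cgroup2' and has no
    per-hierarchy release_agent file, so it is skipped.
    """
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cgroup":
            continue
        mountpoint, options = fields[1], fields[3].split(",")
        # Options other than the generic mount flags name the controllers.
        result[mountpoint] = [o for o in options if o not in GENERIC_MOUNT_OPTS]
    return result


def has_cap_sys_admin(status_text):
    """Parse the CapEff hex mask from /proc/<pid>/status and test bit 21."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.M)
    if not m:
        return False
    return bool((int(m.group(1), 16) >> CAP_SYS_ADMIN) & 1)


def in_initial_user_ns():
    """Heuristic (assumption of this example): PID 1 of the host lives in
    the initial user namespace, so matching its user-ns inode means we do too.
    Returns None when /proc is not readable enough to tell."""
    try:
        return os.stat("/proc/self/ns/user").st_ino == os.stat("/proc/1/ns/user").st_ino
    except OSError:
        return None


def writable_release_agents(mounts_text):
    """List release_agent files under the given v1 hierarchies that the
    calling process could write; on a host that has none, returns []."""
    paths = [os.path.join(mp, "release_agent") for mp in cgroup_v1_mounts(mounts_text)]
    return [p for p in paths if os.access(p, os.W_OK)]


if __name__ == "__main__":
    # Live run: read the real /proc files instead of the constructed samples.
    with open("/proc/mounts") as f:
        mounts = f.read()
    with open("/proc/self/status") as f:
        status = f.read()
    print("cgroup v1 hierarchies:", cgroup_v1_mounts(mounts))
    print("CAP_SYS_ADMIN in CapEff:", has_cap_sys_admin(status))
    print("initial user namespace:", in_initial_user_ns())
    print("writable release_agent files:", writable_release_agents(mounts))
```

A host where the last line is non-empty for an unprivileged process, or where CAP_SYS_ADMIN is present only inside a non-initial user namespace, is one where the pre-fix behaviour mattered; on a patched kernel the write is refused unless both conditions hold, and the output simply documents which hierarchies still expose the file.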
