oss-sec mailing list archives
CVE-2022-0492: Linux kernel cgroups v1 missing capabilities check when setting release_agent
From: Tabitha Sable <tabitha.c.sable () gmail com>
Date: Fri, 4 Feb 2022 10:56:19 -0600
Hello all,

It has been discovered that under certain circumstances, the Linux kernel’s cgroups v1 release_agent feature can be used to escalate privilege and bypass namespace isolation unexpectedly.

CVE-2022-0492 has been assigned to this issue, which is corrected by requiring CAP_SYS_ADMIN in the initial user namespace when setting release_agent. This has been included upstream in commit 24f6008564183aa120d07c03d9289519c2fe02af. ( https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af )

Thank you to Yiqi Sun and Kevin Wang of Huawei Security Team for disclosing their work that led to this fix.

Cheers,
Tabitha Sable
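The requirement stated in the message above ("CAP_SYS_ADMIN in the initial user namespace"), modeled from userspace as an audit helper. This is an added example, not part of the original message and not the kernel's code; the function names and the sample /proc contents are constructed, and it approximates the kernel check by looking at a process's own CapEff mask and user namespace link.

```python
import re

CAP_SYS_ADMIN = 21             # bit index from <linux/capability.h>
INIT_USER_NS_INO = 0xEFFFFFFD  # inode number of the initial user namespace

def has_cap_sys_admin(status_text):
    """True if the CapEff mask in /proc/<pid>/status text includes CAP_SYS_ADMIN."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return bool((int(m.group(1), 16) >> CAP_SYS_ADMIN) & 1)

def in_initial_user_ns(ns_link):
    """True if the readlink target of /proc/<pid>/ns/user is the initial namespace."""
    m = re.fullmatch(r"user:\[(\d+)\]", ns_link.strip())
    if m is None:
        raise ValueError("unexpected namespace link: %r" % ns_link)
    return int(m.group(1)) == INIT_USER_NS_INO

def meets_release_agent_requirement(status_text, ns_link):
    """Both conditions must hold. CapEff is relative to the process's own user
    namespace, so a full mask inside a child namespace is not sufficient."""
    return in_initial_user_ns(ns_link) and has_cap_sys_admin(status_text)

# Constructed samples (not captured from a real system):
# name -> (excerpt of /proc/<pid>/status, readlink of /proc/<pid>/ns/user)
SAMPLES = {
    "host root":
        ("Name:\tbash\nCapEff:\t000001ffffffffff\n", "user:[4026531837]"),
    "root inside a new user namespace":
        ("Name:\tsh\nCapEff:\t000001ffffffffff\n", "user:[4026532512]"),
    "container with a reduced capability set":
        ("Name:\tsh\nCapEff:\t00000000a80425fb\n", "user:[4026531837]"),
}

def audit(samples=SAMPLES):
    """Map each sample name to whether it satisfies the requirement."""
    return {name: meets_release_agent_requirement(status, link)
            for name, (status, link) in samples.items()}

if __name__ == "__main__":
    for name, ok in audit().items():
        print("%-42s %s" % (name, "meets requirement" if ok else "does not"))
```

On a live system the same functions can be fed the contents of /proc/self/status and the result of os.readlink("/proc/self/ns/user").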