Description
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.
Statement
In the OpenShift Container Platform (OCP), the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy that is enabled by default on the OCP cluster nodes. Red Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 9 | kernel | Not affected | | |
Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | | |
Red Hat Enterprise Linux 6 Extended Lifecycle Support | kernel | Fixed | RHSA-2022:1417 | 19.04.2022 |
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:4644 | 18.05.2022 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:4642 | 18.05.2022 |
Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2022:4655 | 18.05.2022 |
Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2022:2189 | 11.05.2022 |
Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2022:5157 | 22.06.2022 |
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2022:2186 | 11.05.2022 |
Additional information
Status:
CVSS3: 7 High
Related vulnerabilities
A vulnerability was found in the Linux kernel’s cgroup_release_ag ...
Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP3)