CVE-2022-0492

Published Mar 3, 2022

Last updated 11 days ago

Exploit known CVSS high 7.8

Ubuntu

Cloud

Container Security

ICS

Mobile device

Overview

AI description

Automated description summarized from trusted sources.

CVE-2022-0492 is a privilege escalation vulnerability found in the Linux kernel, specifically within the `cgroup_release_agent_write` function in the cgroups v1 implementation. This flaw allows an attacker to bypass namespace isolation and escalate privileges. The core issue stems from a missing authorization or capability check, enabling users who should not have such permissions to interact with a critical system file. The vulnerability exploits the `release_agent` feature of cgroups v1. This feature is designed to execute a specified program as the root user when a control group becomes empty. Under normal circumstances, only privileged users should be able to modify the `release_agent` file. However, CVE-2022-0492 allowed unprivileged users to manipulate this file, leading to the execution of arbitrary code with root privileges on the host system, thereby facilitating container escape.

Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Source: secalert@redhat.com
NVD status: Analyzed
Products: h300s_firmware, h410c_firmware, h410s_firmware, h500s_firmware, h700s_firmware, bootstrap_os, linux_kernel, debian_linux, codeready_linux_builder, codeready_linux_builder_for_power_little_endian, virtualization_host, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_for_real_time_for_nfv_tus, enterprise_linux_for_real_time_tus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_server_tus, enterprise_linux_server_update_services_for_sap_solutions, ubuntu_linux, fedora, solidfire\,_enterprise_sds_\&_hci_storage_node, solidfire_\&_hci_management_node

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Linux Kernel Improper Authentication Vulnerability
Exploit added on: Jun 2, 2026
Exploit action due: Jun 5, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secalert@redhat.com: CWE-287
nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "006C09FF-C563-403E-8723-2A252C409D82",
            "versionEndExcluding": "4.9.301",
            "versionStartIncluding": "2.6.24",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C53477E7-1AB3-4CCB-BA3A-8CA6D288B41B",
            "versionEndExcluding": "4.14.266",
            "versionStartIncluding": "4.10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E67EAACB-63BB-41E7-9FE0-EC45ECD8CFD0",
            "versionEndExcluding": "4.19.229",
            "versionStartIncluding": "4.15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B42832A3-1D9B-4BE0-8D4C-3AF681B52D98",
            "versionEndExcluding": "5.4.177",
            "versionStartIncluding": "4.20",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB2BE440-BF07-4C49-9A0C-A63E4FA103A1",
            "versionEndExcluding": "5.10.97",
            "versionStartIncluding": "5.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C68FC5B4-CC13-45E9-8050-EF9025F7A9B7",
            "versionEndExcluding": "5.15.20",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6739D89E-32C3-479D-B5F6-6865C5061FA5",
            "versionEndExcluding": "5.16.6",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "AF2FF4AA-3027-4F30-9F2A-3E820BBA8BF0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5F48D0CB-CB06-4456-B918-6549BC6C7892",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "5F15192F-C162-4D4F-ABBC-7CE66BD923A2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "4AE1552C-9398-4952-AD8C-777DF9587043",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2FD90EA8-3C35-48E1-A3B5-FEB6E3207E62",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C5C134ED-8708-42B5-8138-AEA47ED9CBB6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5C3BAE34-5AFC-4EED-B6C0-5CC47CDFB416",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.