A new cgroups vulnerability in the Linux kernel lets an attacker escape the container

Details have emerged about a serious, already patched vulnerability in the Linux kernel that could potentially be used to escape a container and execute arbitrary commands on the container host.

The vulnerability, CVE-2022-0492, was found in the Linux kernel's cgroups (control groups) feature, which organizes processes into hierarchical groups with specified resource properties and provides programmatic management of them.

The flaw lies in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances, an attacker can use the cgroups v1 release_agent feature to elevate privileges and bypass namespace isolation.

“This is one of the simplest escalations of Linux privileges discovered recently: the Linux kernel mistakenly granted a privileged operation to unprivileged users,” Unit 42 researcher Yuval Avrahami said in a report published this week.

However, it is worth noting that only processes with “root” privileges can write to the release_agent file, which means the vulnerability only allows root processes to elevate their privileges.

“At first glance, the privilege escalation vulnerability, which can only be used by a root user, may seem strange,” Avrahami explained. “Running as root does not necessarily mean full control of the machine: there is a gray area between the root user and full privileges, including capabilities, namespaces and containers. In these scenarios, when the root process does not have full control over the machine, CVE-2022-0492 becomes a serious vulnerability.”
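The "root but not fully privileged" situation above is exactly what a defender should check for from inside a workload: is a cgroup v1 hierarchy mounted, can this process write a release_agent file under plain DAC permissions, and does it hold CAP_SYS_ADMIN (the capability the kernel fix now requires for that write)? The following posture check is an added example written for this article; it is not code from Unit 42 or from the kernel project. It assumes the standard /proc/self/mounts and /proc/self/status formats; the sample data in the test is constructed.

```python
"""Posture check for CVE-2022-0492 (cgroups v1 release_agent).

Added example; not from the article, Unit 42, or the kernel project.
Reports whether the calling process sits in the risky gray area:
  1. a cgroup v1 hierarchy is mounted (cgroup2-only hosts are not affected),
  2. a release_agent file is writable under DAC permissions, and
  3. the process lacks CAP_SYS_ADMIN.
Note: os.access() only reflects DAC permissions and read-only mounts. The
kernel patch adds a capability check inside the write handler, which
access() cannot see, so "exposed" here means "relying solely on the kernel
fix", which is the condition a hardening review wants to eliminate.
"""
import os
import re

CAP_SYS_ADMIN = 21  # bit index from <linux/capability.h>


def cgroup_v1_mounts(mounts_text):
    """Return mount points whose filesystem type is 'cgroup' (v1, not 'cgroup2')."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "cgroup":
            points.append(fields[1])
    return points


def has_cap_sys_admin(status_text):
    """Parse the CapEff line of /proc/<pid>/status and test the CAP_SYS_ADMIN bit."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if not m:
        return False
    return bool(int(m.group(1), 16) & (1 << CAP_SYS_ADMIN))


def writable_release_agents(mount_points, access=os.access):
    """Return release_agent paths the caller may write to (DAC / read-only mount view).

    `access` is injectable so the logic can be exercised on constructed data.
    """
    return [
        os.path.join(mp, "release_agent")
        for mp in mount_points
        if access(os.path.join(mp, "release_agent"), os.W_OK)
    ]


def assess(mounts_text, status_text, access=os.access):
    """Combine the three conditions into one report dictionary."""
    v1 = cgroup_v1_mounts(mounts_text)
    writable = writable_release_agents(v1, access)
    cap = has_cap_sys_admin(status_text)
    return {
        "cgroup_v1_mounts": v1,
        "writable_release_agent": writable,
        "cap_sys_admin": cap,
        # Writable release_agent + no CAP_SYS_ADMIN: only the kernel fix stands
        # between this process and the privileged operation.
        "exposed": bool(writable) and not cap,
    }


def main():
    with open("/proc/self/mounts") as f:
        mounts = f.read()
    with open("/proc/self/status") as f:
        status = f.read()
    report = assess(mounts, status)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["exposed"]:
        print("Mitigate: mount cgroupfs read-only, drop to cgroup v2, "
              "or confine with seccomp/AppArmor; confirm the kernel is patched.")


if __name__ == "__main__":
    main()
```

Run it inside a container as root: a stock Docker container normally reports the v1 hierarchy (on a v1 host) with no writable release_agent because /sys/fs/cgroup is mounted read-only and CapEff lacks CAP_SYS_ADMIN. A container started with a writable cgroupfs, or with extra capabilities, is the configuration the article's "gray area" refers to.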
