Bug 2051505 (CVE-2022-0492) - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
Summary: CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege es...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-0492
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2051506 2052156 2052157 2052159 2052160 2052161 2052162 2052163 2052164 2052165 2052166 2052167 2052168 2052170 2052171 2052172 2052173 2052174 2052175 2052176 2052177 2052178 2052181 2052182 2052183 2052184 2052185 2052186 2052187
Blocks: 2051507
TreeView+ depends on / blocked
 
Reported: 2022-02-07 11:36 UTC by Marian Rehak
Modified: 2023-09-13 09:27 UTC (History)
64 users (show)

Fixed In Version: kernel 5.17 rc3
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Clone Of:
Environment:
Last Closed: 2022-06-22 14:36:39 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1282 0 None None None 2022-04-08 13:26:51 UTC
Red Hat Product Errata RHBA-2022:1533 0 None None None 2022-04-25 20:02:01 UTC
Red Hat Product Errata RHSA-2022:0819 0 None None None 2022-03-10 15:04:38 UTC
Red Hat Product Errata RHSA-2022:0820 0 None None None 2022-03-10 15:54:47 UTC
Red Hat Product Errata RHSA-2022:0821 0 None None None 2022-03-10 15:13:50 UTC
Red Hat Product Errata RHSA-2022:0823 0 None None None 2022-03-10 15:32:20 UTC
Red Hat Product Errata RHSA-2022:0825 0 None None None 2022-03-10 16:16:02 UTC
Red Hat Product Errata RHSA-2022:0849 0 None None None 2022-03-14 10:48:56 UTC
Red Hat Product Errata RHSA-2022:0851 0 None None None 2022-03-14 10:20:00 UTC
Red Hat Product Errata RHSA-2022:0925 0 None None None 2022-03-15 13:36:58 UTC
Red Hat Product Errata RHSA-2022:0958 0 None None None 2022-03-17 16:28:27 UTC
Red Hat Product Errata RHSA-2022:1413 0 None None None 2022-04-19 15:05:14 UTC
Red Hat Product Errata RHSA-2022:1417 0 None None None 2022-04-19 16:11:48 UTC
Red Hat Product Errata RHSA-2022:1418 0 None None None 2022-04-19 16:19:03 UTC
Red Hat Product Errata RHSA-2022:1455 0 None Closed [Sat6.8] satellite CVs puppet modules are missing in CCV 2022-04-29 10:54:19 UTC
Red Hat Product Errata RHSA-2022:2186 0 None None None 2022-05-11 15:24:05 UTC
Red Hat Product Errata RHSA-2022:2189 0 None None None 2022-05-11 13:21:06 UTC
Red Hat Product Errata RHSA-2022:2211 0 None None None 2022-05-11 18:52:13 UTC
Red Hat Product Errata RHSA-2022:4642 0 None None None 2022-05-18 16:15:15 UTC
Red Hat Product Errata RHSA-2022:4644 0 None None None 2022-05-18 16:15:49 UTC
Red Hat Product Errata RHSA-2022:4655 0 None None None 2022-05-18 14:34:16 UTC
Red Hat Product Errata RHSA-2022:4717 0 None None None 2022-05-24 08:53:02 UTC
Red Hat Product Errata RHSA-2022:4721 0 None None None 2022-05-24 08:11:48 UTC
Red Hat Product Errata RHSA-2022:5157 0 None None None 2022-06-22 08:46:45 UTC

Description Marian Rehak 2022-02-07 11:36:09 UTC
A vulnerability was found in cgroup_release_agent_write in kernel/cgroup/cgroup-v1.c in the Linux kernel.  In this flaw, under certain circumstances, the cgroups v1 release_agent feature can be used to escalate privilege and bypass namespace isolation unexpectedly.

Upstream Commit:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af

Comment 1 Marian Rehak 2022-02-07 11:36:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2051506]

Comment 2 juneau 2022-02-07 15:56:14 UTC
Marking OSD|quay-io-3 notaffected:

"In OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by SELinux policy enabled (by default) on the OCP cluster nodes."

Comment 9 Justin M. Forbes 2022-02-10 21:56:42 UTC
This was fixed for Fedora with the 5.16.6 stable kernel updates.

Comment 10 errata-xmlrpc 2022-03-10 15:04:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0819 https://access.redhat.com/errata/RHSA-2022:0819

Comment 11 errata-xmlrpc 2022-03-10 15:13:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0821 https://access.redhat.com/errata/RHSA-2022:0821

Comment 12 errata-xmlrpc 2022-03-10 15:32:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823

Comment 13 errata-xmlrpc 2022-03-10 15:54:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0820 https://access.redhat.com/errata/RHSA-2022:0820

Comment 14 errata-xmlrpc 2022-03-10 16:15:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0825 https://access.redhat.com/errata/RHSA-2022:0825

Comment 15 errata-xmlrpc 2022-03-14 10:19:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851

Comment 16 errata-xmlrpc 2022-03-14 10:48:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0849 https://access.redhat.com/errata/RHSA-2022:0849

Comment 17 errata-xmlrpc 2022-03-15 13:36:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0925 https://access.redhat.com/errata/RHSA-2022:0925

Comment 18 errata-xmlrpc 2022-03-17 16:28:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958

Comment 20 errata-xmlrpc 2022-04-19 15:05:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1413 https://access.redhat.com/errata/RHSA-2022:1413

Comment 21 errata-xmlrpc 2022-04-19 16:11:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:1417 https://access.redhat.com/errata/RHSA-2022:1417

Comment 22 errata-xmlrpc 2022-04-19 16:18:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1418 https://access.redhat.com/errata/RHSA-2022:1418

Comment 23 errata-xmlrpc 2022-04-20 16:20:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1455 https://access.redhat.com/errata/RHSA-2022:1455

Comment 24 errata-xmlrpc 2022-05-11 13:21:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2022:2189 https://access.redhat.com/errata/RHSA-2022:2189

Comment 25 errata-xmlrpc 2022-05-11 15:24:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:2186 https://access.redhat.com/errata/RHSA-2022:2186

Comment 26 errata-xmlrpc 2022-05-11 18:52:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2022:2211 https://access.redhat.com/errata/RHSA-2022:2211

Comment 28 errata-xmlrpc 2022-05-18 14:34:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4655 https://access.redhat.com/errata/RHSA-2022:4655

Comment 29 errata-xmlrpc 2022-05-18 16:15:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4642 https://access.redhat.com/errata/RHSA-2022:4642

Comment 30 errata-xmlrpc 2022-05-18 16:15:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4644 https://access.redhat.com/errata/RHSA-2022:4644

Comment 31 errata-xmlrpc 2022-05-24 08:11:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2022:4721 https://access.redhat.com/errata/RHSA-2022:4721

Comment 32 errata-xmlrpc 2022-05-24 08:52:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:4717 https://access.redhat.com/errata/RHSA-2022:4717

Comment 34 errata-xmlrpc 2022-06-22 08:46:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2022:5157 https://access.redhat.com/errata/RHSA-2022:5157

Comment 35 Product Security DevOps Team 2022-06-22 14:36:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0492


Note You need to log in before you can comment on or make changes to this bug.