Lucene search

[email protected]NVD:CVE-2022-0492

HistoryMar 03, 2022 - 7:15 p.m.

CVE-2022-0492

2022-03-0319:15:08

CWE-862

CWE-287

[email protected]

web.nvd.nist.gov

linux kernel

cgroup_release_agent_write

vulnerability

privilege escalation

namespace isolation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.095

Percentile

94.8%

JSON

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Affected configurations

Nvd

Node

linuxlinux_kernelRange2.6.24–4.9.301

linuxlinux_kernelRange4.10–4.14.266

linuxlinux_kernelRange4.15–4.19.229

linuxlinux_kernelRange4.20–5.4.177

linuxlinux_kernelRange5.5–5.10.97

linuxlinux_kernelRange5.11–5.15.20

linuxlinux_kernelRange5.16–5.16.6

linuxlinux_kernelMatch5.17rc1

linuxlinux_kernelMatch5.17rc2

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

redhatcodeready_linux_builderMatch8.0

redhatcodeready_linux_builderMatch8.2

redhatcodeready_linux_builder_for_power_little_endianMatch8.0

redhatcodeready_linux_builder_for_power_little_endianMatch8.2

redhatvirtualization_hostMatch4.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_for_ibm_z_systemsMatch8.0

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.0

redhatenterprise_linux_for_power_little_endianMatch8.0

redhatenterprise_linux_for_power_little_endian_eusMatch8.0

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.0

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2

redhatenterprise_linux_for_real_time_tusMatch8.0

redhatenterprise_linux_for_real_time_tusMatch8.2

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.2

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch22.04lts

Node

fedoraprojectfedoraMatch35

Node

netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-

netappsolidfire_\&_hci_management_nodeMatch-

netapph300eMatch-

netapph300sMatch-

netapph410cMatch-

netapph410sMatch-

netapph500eMatch-

netapph500sMatch-

netapph700eMatch-

netapph700sMatch-

netapphci_compute_nodeMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder8.0cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder8.2cpe:2.3:a:redhat:codeready_linux_builder:8.2:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian8.0cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian8.2cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
redhat	codeready_linux_builder	8.0	cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::*
redhat	codeready_linux_builder	8.2	cpe:2.3:a:redhat:codeready_linux_builder:8.2:::::::*
redhat	codeready_linux_builder_for_power_little_endian	8.0	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:::::::*
redhat	codeready_linux_builder_for_power_little_endian	8.2	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.2:::::::*