Linux Distributions affected by a privilege escalation vulnerability

Threat Advisories

Linux Distributions affected by a privilege escalation vulnerability


For a detailed advisory, download the pdf file here

A new privilege escalation vulnerability has been reported that affects all the major releases of the Linux kernel and being tracked as CVE-2022-0492. The issue primarily affects the Linux kernel feature known as control groups (groups), which controls, accounts for, and isolates a collection of processes’ resource utilization (CPU, memory, disk I/O, network, etc). A local attacker can exploit this issue to escape a container to execute arbitrary commands and gain admin privileges of the container host.

The flaw exists in the Linux kernel because it fails to properly restrict access to the cgroups ‘release_ agent’ feature that under certain circumstances allows it to escalate privileges and bypass the namespace isolation. Specifically, the vulnerability occurs due to an implementation error in the ‘cgroup_release_agent_write()’ function of the ‘kernel/cgroup/cgroup-v1.c’ file.

This vulnerability affects all major Linux distributions, and organizations make use of the script to detect whether they are impacted. Organizations can also make use of the mitigations provided by the researchers to mitigate the risk. However, this issue has been fixed in all the latest versions of Linux.

Potential MITRE ATT&CK TTPs are:

TA0004: Privilege Escalation

T1611: Escape to Host

T1068: Exploitation for Privilege Escalation

TA0003: Persistence

T1098: Account Manipulation

Vulnerability Detail

Linux Distributions affected by a privilege_VD

Patch Link