New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.

The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network.

Tracked as CVE-2022-0492 (CVSS score: 7.0), the issue concerns a case of privilege escalation in the cgroups v1 release_agent functionality, a script that's executed following the termination of any process in the cgroup.
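A host-side inventory of configured release agents, added here as an example and not taken from the article or the kernel project. It relies on cgroup v1 hierarchies being mounted with filesystem type `cgroup` and carrying `release_agent` and `notify_on_release` files at their root; the function names are this example's own.

```python
import os
import re


def cgroup_v1_mounts(mounts_text):
    """Return mount points of cgroup v1 hierarchies from /proc/mounts-style text."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        # Fields: device, mount point, fstype, options, dump, pass.
        # fstype "cgroup" is v1; the unified v2 hierarchy reports "cgroup2".
        if len(fields) >= 3 and fields[2] == "cgroup":
            # /proc/mounts escapes space, tab, newline and backslash as \NNN octal.
            points.append(re.sub(r"\\([0-7]{3})",
                                 lambda m: chr(int(m.group(1), 8)), fields[1]))
    return points


def read_value(path):
    """Return the stripped file content, or None if the file cannot be read."""
    try:
        with open(path, "r") as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit_release_agents(mounts_text, root="/"):
    """List every v1 hierarchy whose root release_agent is set to a path."""
    findings = []
    for mount_point in cgroup_v1_mounts(mounts_text):
        base = os.path.join(root, mount_point.lstrip("/"))
        agent = read_value(os.path.join(base, "release_agent"))
        if agent:  # empty means no agent configured; None means not readable
            findings.append({
                "hierarchy": mount_point,
                "release_agent": agent,
                "notify_on_release": read_value(os.path.join(base, "notify_on_release")),
            })
    return findings


if __name__ == "__main__":
    with open("/proc/self/mounts") as fh:
        for finding in audit_release_agents(fh.read()):
            print(finding)
```

Any reported path that the administrator did not set deliberately is worth investigating, since it names a program that runs on the host.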
