{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0492", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:32:45.292Z", "dateReserved": "2022-02-04T00:00:00", "datePublished": "2022-03-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-12-07T15:06:18.421771"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."}], "affected": [{"vendor": "n/a", "product": "kernel", "versions": [{"version": "kernel 5.17 rc3", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"}, {"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"}, {"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"}, {"name": "DSA-5095", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5095"}, {"name": "DSA-5096", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5096"}, {"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"}, {"url": "https://security.netapp.com/advisory/ntap-20220419-0002/"}, {"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"}, {"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-287", "cweId": "CWE-287"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:45.292Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"}, {"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"}, {"name": "DSA-5095", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5095"}, {"name": "DSA-5096", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5096"}, {"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20220419-0002/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "006C09FF-C563-403E-8723-2A252C409D82", "versionEndExcluding": "4.9.301", "versionStartIncluding": "2.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C53477E7-1AB3-4CCB-BA3A-8CA6D288B41B", "versionEndExcluding": "4.14.266", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E67EAACB-63BB-41E7-9FE0-EC45ECD8CFD0", "versionEndExcluding": "4.19.229", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B42832A3-1D9B-4BE0-8D4C-3AF681B52D98", "versionEndExcluding": "5.4.177", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB2BE440-BF07-4C49-9A0C-A63E4FA103A1", "versionEndExcluding": "5.10.97", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C68FC5B4-CC13-45E9-8050-EF9025F7A9B7", "versionEndExcluding": "5.15.20", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6739D89E-32C3-479D-B5F6-6865C5061FA5", "versionEndExcluding": "5.16.6", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF2FF4AA-3027-4F30-9F2A-3E820BBA8BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F48D0CB-CB06-4456-B918-6549BC6C7892", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F15192F-C162-4D4F-ABBC-7CE66BD923A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AE1552C-9398-4952-AD8C-777DF9587043", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FD90EA8-3C35-48E1-A3B5-FEB6E3207E62", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5C134ED-8708-42B5-8138-AEA47ED9CBB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C3BAE34-5AFC-4EED-B6C0-5CC47CDFB416", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en la funci\u00f3n cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la funci\u00f3n cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada"}], "id": "CVE-2022-0492", "lastModified": "2024-11-21T06:38:46.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-03T19:15:08.633", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220419-0002/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5095"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220419-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5096"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Kevin Wang (Huawei) and Yiqi Sun (Nebula Lab) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1417", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "kernel-0:2.6.32-754.47.1.el6", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-04-19T00:00:00Z"}, {"advisory": "RHSA-2022:4644", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.66.1.rt56.1207.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4642", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.66.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4655", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:2189", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.101.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:5157", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.103.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-06-22T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2211", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:4717", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.67.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4717", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.67.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4717", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.67.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4721", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:0819", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-348.20.1.rt7.150.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0825", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-348.20.1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0849", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0823", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.64.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0851", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0958", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-17T00:00:00Z"}, {"advisory": "RHSA-2022:0821", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.79.1.rt13.129.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0820", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.79.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0925", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-03-15T00:00:00Z"}, {"advisory": "RHSA-2022:1413", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.45.1.rt7.117.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-04-19T00:00:00Z"}, {"advisory": "RHSA-2022:1418", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-04-19T00:00:00Z"}, {"advisory": "RHSA-2022:1455", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.45.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-04-20T00:00:00Z"}], "bugzilla": {"description": "kernel: cgroups v1 release_agent feature may allow privilege escalation", "id": "2051505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-862", "details": ["A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.", "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-0492", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0492\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0492\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"], "statement": "In the OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy enabled (by default) on the OCP cluster nodes.\nRed Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.\n1. https://access.redhat.com/solutions/499473", "threat_severity": "Important", "upstream_fix": "kernel 5.17 rc3"}