exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

CVE-2022-0492

Status Candidate

Overview

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Related Files

Docker cgroups Container Escape
Posted Dec 7, 2023
Authored by h00die, Kevin Wang, T1erno, Yiqi Sun | Site metasploit.com

This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

tags | exploit, kernel, root
systems | linux
advisories | CVE-2022-0492
SHA-256 | f89ca645e9a7ab68a61d054b319e54c6af9a4e97faf0cab7987d8a5f919f6c11
Red Hat Security Advisory 2022-5157-01
Posted Jun 22, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5157-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492, CVE-2022-1729
SHA-256 | 1beaba42fb146dbbbce02049dcf413eb6032400339acabdcb70b5356f106ff69
Kernel Live Patch Security Notice LSN-0086-1
Posted Jun 3, 2022
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-39713, CVE-2022-0492, CVE-2022-1055, CVE-2022-1116, CVE-2022-21499, CVE-2022-29581, CVE-2022-30594
SHA-256 | d764344ffd074691e5125e0c7ecb9972329d587b004cdad9acfe1fafabfb0253
Red Hat Security Advisory 2022-4721-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4721-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | f9883ad9e6150312c7d527e96bb91bb7ce44824d08863a8198dceed0db83ab06
Red Hat Security Advisory 2022-4717-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | 2702dee3e48d7005b19141b7d3fdd594630111f42423104e4165fc167a60f8c0
Red Hat Security Advisory 2022-4644-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4644-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | 9238f3f09ee24112c543f2a4c26934610307752a7f760bd4cacb97f776229c6d
Red Hat Security Advisory 2022-4655-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4655-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | b32cf1f12c90d2ce3d018e88504d2caf637f62d925d714e143765869229bb073
Red Hat Security Advisory 2022-4642-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4642-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | 3c0b32f3c90145a54c8cbc784710b71ce7588da50abb4986999bafbde5c9bdc5
Red Hat Security Advisory 2022-1699-01
Posted May 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4083, CVE-2022-0492, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-24769, CVE-2022-25636
SHA-256 | fbbfbdf0a9151383c4fd51b75bed69402cdeb86e35b863354d293fba3587a9fd
Red Hat Security Advisory 2022-2186-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2186-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4028, CVE-2022-0492
SHA-256 | a847e5c70c5289c712f0df28eb12a731d4e74f077f18cf417aae88f5d9d94fef
Red Hat Security Advisory 2022-2211-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2211-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4028, CVE-2022-0492
SHA-256 | 71372bb43a888c8330bd51534a8b3948c81aa048f2576873cb1617edaf6cc742
Red Hat Security Advisory 2022-2189-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2189-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4028, CVE-2021-4083, CVE-2022-0492
SHA-256 | fd1c2dd2553ad38432826289b02c39ffabff76be6059f360d709310e87bcf72f
Red Hat Security Advisory 2022-1476-01
Posted Apr 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1476-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-23177, CVE-2021-23566, CVE-2021-31566, CVE-2021-3999, CVE-2021-41190, CVE-2021-4154, CVE-2021-43565, CVE-2021-45960, CVE-2021-46143, CVE-2022-0144, CVE-2022-0155, CVE-2022-0235, CVE-2022-0261, CVE-2022-0318, CVE-2022-0330, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0536, CVE-2022-0778, CVE-2022-0811, CVE-2022-0847, CVE-2022-22822
SHA-256 | 518f87bfae6ff4f29f3572832aa384efe8f2162ebac11f7d53caab2d6df42933
Red Hat Security Advisory 2022-1455-01
Posted Apr 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1455-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4083, CVE-2022-0492, CVE-2022-25636
SHA-256 | 875d0e42f4b97c80ca5787d522296033e722015e393e57c94404ccc7805a955e
Red Hat Security Advisory 2022-1418-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1418-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4083, CVE-2022-0492, CVE-2022-25636
SHA-256 | 2eab67c4f841bc45e94ce58e73ca60e7ba690017b6dcc37ecba54fb3786bc710
Red Hat Security Advisory 2022-1413-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1413-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds write and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4083, CVE-2022-0492, CVE-2022-25636
SHA-256 | e29d570eaf4be8d9d8c2a0c59251fd78375f239719aba399dda2f75b42e91bc1
Red Hat Security Advisory 2022-1417-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1417-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2021-0920, CVE-2021-4155, CVE-2022-0492
SHA-256 | a1855a4358516ae7f91cd9312df1efeaeeb9fe1fe48d1dafbe1dd6848b141dd1
Ubuntu Security Notice USN-5377-1
Posted Apr 13, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5377-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-4135, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480, CVE-2022-0435, CVE-2022-0492, CVE-2022-1055, CVE-2022-27666
SHA-256 | 7e8bb3e3236447d1446aec7cdf4a4e028e781bb1a791ee70ba7d1d4a0e3b9b7b
Ubuntu Security Notice USN-5368-1
Posted Apr 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-1055, CVE-2022-23222, CVE-2022-27666
SHA-256 | 5d0b16263370f4a729db7ba7a5a7cdbc7ade51f3de840e5c97e95000dd201eb7
Ubuntu Security Notice USN-5362-1
Posted Apr 1, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4083, CVE-2021-4090, CVE-2021-4155, CVE-2021-42327, CVE-2022-0001, CVE-2022-0185, CVE-2022-0330, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-0847, CVE-2022-22942, CVE-2022-23222, CVE-2022-23960, CVE-2022-25636
SHA-256 | 15aee9355fdfa4005c244c11432f609c7d439bd4c9e2bb1fc22da50bd8c0cbbd
Red Hat Security Advisory 2022-1083-01
Posted Mar 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-23177, CVE-2021-23566, CVE-2021-31566, CVE-2021-3999, CVE-2021-4154, CVE-2021-45960, CVE-2021-46143, CVE-2022-0144, CVE-2022-0155, CVE-2022-0235, CVE-2022-0261, CVE-2022-0318, CVE-2022-0330, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0536, CVE-2022-0847, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825
SHA-256 | 9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23
Debian Security Advisory 5095-1
Posted Mar 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5095-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2020-36310, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-25636
SHA-256 | 271e4b7d1b99d28febed5f00c4b01bf76715f4001e068e7da511f20bacd0d4ff
Kernel Live Patch Security Notice LSN-0085-1
Posted Mar 24, 2022
Authored by Benjamin M. Romer

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-0492, CVE-2022-25636
SHA-256 | 2192c199581e31d17ad1f82ccb72319fb36da887cc27a4431990dced1f3967d7
Ubuntu Security Notice USN-5339-1
Posted Mar 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5339-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that an out-of-bounds memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3506, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2022-0435, CVE-2022-0492
SHA-256 | 8e790d8271b3b0cda49ce9f2ce4bb09f4e9b8de73f7d2e6df231b904a157bd46
Ubuntu Security Notice USN-5338-1
Posted Mar 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5338-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. J

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-4135, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45480, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516
SHA-256 | 8237e5780ec9d5762a287998415d277ae8d9148196c501305fc7c81735e15f4e
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close