CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namesp...
CVE-2022-0492CVSS 7.8CISA KEVLinux

CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namesp...

CVSS
7.8 HIGH
EPSS
91.86%
Known exploited
yes
Product
Kernel

What is known

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Sources