Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAM62SmJTkayhy-+dbne1veD+zH5Nyc3ZhMqk60YQQwBC1-MW7A@mail.gmail.com>
Date: Fri, 4 Feb 2022 10:56:19 -0600
From: Tabitha Sable <tabitha.c.sable@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-0492: Linux kernel cgroups v1 missing capabilities check
 when setting release_agent

Hello all,

It has been discovered that under certain circumstances, the Linux kernel’s
cgroups v1 release_agent feature can be used to escalate privilege and
bypass namespace isolation unexpectedly.

CVE-2022-0492 has been assigned to this issue, which is corrected by
requiring CAP_SYS_ADMIN in the initial user namespace when setting
release_agent. This has been included upstream in commit
24f6008564183aa120d07c03d9289519c2fe02af. (
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
)

Thank you to Yiqi Sun and Kevin Wang of Huawei Security Team for disclosing
their work that led to this fix.

Cheers,

Tabitha Sable

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.