Threat Advisories:

Linux Distributions affected by a privilege escalation vulnerability

Threat Level – Amber | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here

A new privilege escalation vulnerability has been reported that affects all the major releases of the Linux kernel and being tracked as CVE-2022-0492. The issue primarily affects the Linux kernel feature known as control groups (groups), which controls, accounts for, and isolates a collection of processes’ resource utilization (CPU, memory, disk I/O, network, etc). A local attacker can exploit this issue to escape a container to execute arbitrary commands and gain admin privileges of the container host.

The flaw exists in the Linux kernel because it fails to properly restrict access to the cgroups ‘release_ agent’ feature that under certain circumstances allows it to escalate privileges and bypass the namespace isolation. Specifically, the vulnerability occurs due to an implementation error in the ‘cgroup_release_agent_write()’ function of the ‘kernel/cgroup/cgroup-v1.c’ file.

This vulnerability affects all major Linux distributions, and organizations make use of the script to detect whether they are impacted. Organizations can also make use of the mitigations provided by the researchers to mitigate the risk. However, this issue has been fixed in all the latest versions of Linux.

Potential MITRE ATT&CK TTPs are:

TA0004: Privilege Escalation

T1611: Escape to Host

T1068: Exploitation for Privilege Escalation

TA0003: Persistence

T1098: Account Manipulation

Vulnerability Detail

Patch Link

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox

Cyber Horizons 2025

What Last Year’s Attacks Reveal About Today’s Risks

Watch the Webinar on-demand and get a FREE copy of our Cyber Horizons 2025 report.

Our Speakers
Speaker 1

Prateek Bhajanka Global Field CISO & Former Gartner Analyst Hive Pro Inc.

Speaker 2

Ankit Mani Manager Threat Intel HiveForce Labs

Speaker 3

Sreevani Tonipe Senior Threat Researcher HiveForce Labs