/

CVE-2022-0492 Report - Details, Severity, & Advisories

CVE-2022-0492 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2022-0492?

CVE-2022-0492 is a high-severity vulnerability found in the Linux kernel, specifically in the cgroup\_release\_agent\_write function. This flaw affects various systems running vulnerable versions of the Linux kernel, including distributions such as Debian, Red Hat, Canonical Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Under certain circumstances, the vulnerability allows the use of the cgroups v1 release\_agent feature to escalate privileges and bypass namespace isolation unexpectedly, potentially granting unauthorized access to sensitive information and system resources.

Who is impacted by this?

The CVE-2022-0492 vulnerability impacts users of the Linux kernel versions from 2.6.24 up to 5.17-rc2, including distributions like Debian, Red Hat, Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Affected users include those running Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM, as well as those using Docker images with either the privileged flag or SYS_ADMIN Linux capability on a vulnerable host kernel. This vulnerability allows for privilege escalation and bypassing namespace isolation.

What should I do if I’m affected?

If you're affected by the CVE-2022-0492 vulnerability, it's crucial to take action to secure your system. Here's a simplified step-by-step guide:

  1. Check if your Linux kernel version is affected.

  2. Update your kernel to the latest version or apply the appropriate kernel live patch for your Ubuntu release.

  3. For Docker users, ensure your images don't use the privileged flag or SYS\_ADMIN Linux capability on a vulnerable host kernel.

  4. Monitor security advisories and updates from your Linux distribution for further guidance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-0492 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. Users should update their kernel to the latest version or apply the appropriate kernel live patch and monitor security advisories for further guidance.

Weakness Enumeration

The weakness enumeration for this vulnerability includes CWE-862 Missing Authorization and CWE-287 Improper Authentication, affecting the Linux kernel's cgroup_release_agent_write function.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or explore the following resources:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2022-0492 Report - Details, Severity, & Advisories

CVE-2022-0492 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2022-0492?

CVE-2022-0492 is a high-severity vulnerability found in the Linux kernel, specifically in the cgroup\_release\_agent\_write function. This flaw affects various systems running vulnerable versions of the Linux kernel, including distributions such as Debian, Red Hat, Canonical Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Under certain circumstances, the vulnerability allows the use of the cgroups v1 release\_agent feature to escalate privileges and bypass namespace isolation unexpectedly, potentially granting unauthorized access to sensitive information and system resources.

Who is impacted by this?

The CVE-2022-0492 vulnerability impacts users of the Linux kernel versions from 2.6.24 up to 5.17-rc2, including distributions like Debian, Red Hat, Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Affected users include those running Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM, as well as those using Docker images with either the privileged flag or SYS_ADMIN Linux capability on a vulnerable host kernel. This vulnerability allows for privilege escalation and bypassing namespace isolation.

What should I do if I’m affected?

If you're affected by the CVE-2022-0492 vulnerability, it's crucial to take action to secure your system. Here's a simplified step-by-step guide:

  1. Check if your Linux kernel version is affected.

  2. Update your kernel to the latest version or apply the appropriate kernel live patch for your Ubuntu release.

  3. For Docker users, ensure your images don't use the privileged flag or SYS\_ADMIN Linux capability on a vulnerable host kernel.

  4. Monitor security advisories and updates from your Linux distribution for further guidance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-0492 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. Users should update their kernel to the latest version or apply the appropriate kernel live patch and monitor security advisories for further guidance.

Weakness Enumeration

The weakness enumeration for this vulnerability includes CWE-862 Missing Authorization and CWE-287 Improper Authentication, affecting the Linux kernel's cgroup_release_agent_write function.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or explore the following resources:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2022-0492 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2022-0492?

CVE-2022-0492 is a high-severity vulnerability found in the Linux kernel, specifically in the cgroup\_release\_agent\_write function. This flaw affects various systems running vulnerable versions of the Linux kernel, including distributions such as Debian, Red Hat, Canonical Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Under certain circumstances, the vulnerability allows the use of the cgroups v1 release\_agent feature to escalate privileges and bypass namespace isolation unexpectedly, potentially granting unauthorized access to sensitive information and system resources.

Who is impacted by this?

The CVE-2022-0492 vulnerability impacts users of the Linux kernel versions from 2.6.24 up to 5.17-rc2, including distributions like Debian, Red Hat, Ubuntu, Fedora, and NetApp SolidFire & HCI Storage Node. Affected users include those running Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM, as well as those using Docker images with either the privileged flag or SYS_ADMIN Linux capability on a vulnerable host kernel. This vulnerability allows for privilege escalation and bypassing namespace isolation.

What should I do if I’m affected?

If you're affected by the CVE-2022-0492 vulnerability, it's crucial to take action to secure your system. Here's a simplified step-by-step guide:

  1. Check if your Linux kernel version is affected.

  2. Update your kernel to the latest version or apply the appropriate kernel live patch for your Ubuntu release.

  3. For Docker users, ensure your images don't use the privileged flag or SYS\_ADMIN Linux capability on a vulnerable host kernel.

  4. Monitor security advisories and updates from your Linux distribution for further guidance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-0492 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. Users should update their kernel to the latest version or apply the appropriate kernel live patch and monitor security advisories for further guidance.

Weakness Enumeration

The weakness enumeration for this vulnerability includes CWE-862 Missing Authorization and CWE-287 Improper Authentication, affecting the Linux kernel's cgroup_release_agent_write function.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or explore the following resources: