7.8

CVE-2022-0492

Warnung
Medienbericht
Exploit
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
LinuxLinux Kernel Version >= 2.6.24 < 4.9.301
LinuxLinux Kernel Version >= 4.10 < 4.14.266
LinuxLinux Kernel Version >= 4.15 < 4.19.229
LinuxLinux Kernel Version >= 4.20 < 5.4.177
LinuxLinux Kernel Version >= 5.5 < 5.10.97
LinuxLinux Kernel Version >= 5.11 < 5.15.20
LinuxLinux Kernel Version >= 5.16 < 5.16.6
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
RedhatVirtualization Host Version4.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.2
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
CanonicalUbuntu Linux Version22.04 SwEditionlts
FedoraprojectFedora Version35
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Improper Authentication Vulnerability

Schwachstelle

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.53% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:52
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:52
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://www.debian.org/security/2022/dsa-5095
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
Exploit
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2051505
Patch
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220419-0002/
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0492
US Government Resource