Security News > 2022 > March > Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
To go along with the "Dirty Pipe" Linux security bug coming to light, two researchers from Huawei - Yiqi Sun and Kevin Wang - have discovered a vulnerability in the "Control groups" feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary commands on a host machine.
The bug exists in the Linux kernel's "Cgroup release agent write" feature, which is found in the "Kernel/cgroup/cgroup-v1.c" function.
In the words of Red Hat - a major contributor to the Linux kernel - cgroups allow for "Fine-grained control over allocating, prioritizing, denying, managing and monitoring system resources." In the right hands cgroups are a powerful tool for control and security over a system.
She added, "Enabling granular privilege management at the container platform and the container operating system layers across the development environments," can help mitigate such vulnerabilities, even before they become widely known.
February brought CVE-2022-0185, a "Heap-based overflow flaw" with "The way the legacy parse param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length." Like CVE-2022-0492, the flaw exposed the possibility of unauthorized privilege escalation.
More recently - just this Monday, in fact - a researcher published the details of CVE-2022-0847, which allows unprivileged processes to inject code into root processes, thus overwriting data in arbitrary read-only files and paving the way for privilege escalation and arbitrary code execution.
News URL
https://threatpost.com/bug-linux-kernel-privilege-escalation-container-escape/178808/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |
2022-03-03 | CVE-2022-0492 | Missing Authorization vulnerability in multiple products A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. | 7.8 |
2022-02-11 | CVE-2022-0185 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. | 8.4 |