Security News > 2022 > March > Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

To go along with the "Dirty Pipe" Linux security bug coming to light, two researchers from Huawei - Yiqi Sun and Kevin Wang - have discovered a vulnerability in the "Control groups" feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary commands on a host machine.

The bug exists in the Linux kernel's "Cgroup release agent write" feature, which is found in the "Kernel/cgroup/cgroup-v1.c" function.

In the words of Red Hat - a major contributor to the Linux kernel - cgroups allow for "Fine-grained control over allocating, prioritizing, denying, managing and monitoring system resources." In the right hands cgroups are a powerful tool for control and security over a system.

She added, "Enabling granular privilege management at the container platform and the container operating system layers across the development environments," can help mitigate such vulnerabilities, even before they become widely known.

February brought CVE-2022-0185, a "Heap-based overflow flaw" with "The way the legacy parse param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length." Like CVE-2022-0492, the flaw exposed the possibility of unauthorized privilege escalation.

More recently - just this Monday, in fact - a researcher published the details of CVE-2022-0847, which allows unprivileged processes to inject code into root processes, thus overwriting data in arbitrary read-only files and paving the way for privilege escalation and arbitrary code execution.

News URL

https://threatpost.com/bug-linux-kernel-privilege-escalation-container-escape/178808/