Researchers have found a vulnerability in the “control groups” feature of the Linux kernel that allows attackers to escape the containers, escalate privileges and execute arbitrary commands to the host.
The bug (CVE-2022-0492) exists in the Linux kernel feature “cgroup_release_agent_write”, which is found in the “kernel / cgroup / cgroup-v1.c” function.
The use of the cgroups v1 release_agent feature allows for container escape in the Kubernetes, that is, the ability to access other users’ containers in public cloud sites.
Read More: https://threatpost.com/bug-linux-kernel-privilege-escalation-container-escape/178808/
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
