Skip to content
Activamente explotadaCVSS 7.8 · HIGH

CVE-2022-0492

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

Ver en NVD

Análisis

Una vulnerabilidad en el kernel de Linux permite el escalamiento de privilegios y el escape de contenedores mediante la funcionalidad cgroups v1. Este fallo está siendo explotado activamente y compromete directamente el aislamiento de namespaces en entornos que utilizan Docker o Kubernetes.

Roles relevantes

LinuxDockerKubernetesCloudCyberSecurityBackend

Severidad

Puntaje: 7.8(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-287CWE-862

CISA KEV

Agregada al KEV: 2026-06-02
Fecha límite federal: 2026-06-05
Uso conocido en ransomware: Unknown
Acción requerida

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS

Probabilidad de explotación (próx. 30 días): 0.0549 (5.5%)
Percentil: 91.7%
EPSS: 2026-06-16

Afecta

netapp:h300s_firmwarenetapp:h300snetapp:h410c_firmwarenetapp:h410cnetapp:h410s_firmwarenetapp:h410snetapp:h500s_firmwarenetapp:h500snetapp:h700s_firmwarenetapp:h700snetapp:bootstrap_osnetapp:hci_compute_nodelinux:linux_kerneldebian:debian_linuxredhat:codeready_linux_builderredhat:codeready_linux_builder_for_power_little_endianredhat:virtualization_hostredhat:enterprise_linuxredhat:enterprise_linux_eusredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_ibm_z_systems_eusredhat:enterprise_linux_for_power_little_endianredhat:enterprise_linux_for_power_little_endian_eusredhat:enterprise_linux_for_real_time_for_nfv_tusredhat:enterprise_linux_for_real_time_tusredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsredhat:enterprise_linux_server_tusredhat:enterprise_linux_server_update_services_for_sap_solutionscanonical:ubuntu_linuxfedoraproject:fedoranetapp:solidfire\,_enterprise_sds_\&_hci_storage_nodenetapp:solidfire_\&_hci_management_node

Descripción técnica

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Publicada: 3/3/2022, 19:15:08
Última modificación: 3/6/2026, 12:53:31

Referencias

InicioEventosBlogRecursosEquipo