The Cyber Security News


New Linux Kernel Cgroups Vulnerability Could Let Attackers Escape Container

March 5, 2022

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.

The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, effectively making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network.

Tracked as CVE-2022-0492 (CVSS score: 7.), the issue concerns a case of privilege escalation in the cgroups v1 release_agent functionality, a script that is executed following the termination of any process in the cgroup.


“The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users,” Unit 42 researcher Yuval Avrahami said in a report published this week.

The man page for cgroups describes its function as follows:

Whether or not the release_agent program is invoked when a particular cgroup becomes empty is determined by the value in the notify_on_release file in the corresponding cgroup directory. If this file contains the value 0, then the release_agent program is not invoked. If it contains the value 1, the release_agent program is invoked. The default value for this file in the root cgroup is 0.

Specifically, the Palo Alto Networks threat intelligence team noted that the bug is a consequence of a missing verification to check whether the process setting the release_agent file had administrative privileges, thus making it ripe for potential exploitation.

In other words, should this release_agent file be overwritten by an attacker, the kernel can be forced into calling an arbitrary binary configured in the release agent with the highest possible permissions, a scenario that could effectively allow a complete takeover of the machine.

It is, however, worth noting that only processes with “root” privileges can write to the file, meaning that the vulnerability solely allows root processes to escalate privileges.

“At first glance, a privilege escalation vulnerability that can only be exploited by the root user may look weird,” Avrahami explained. “Running as root doesn’t necessarily mean complete control over the machine: There’s a grey area between the root user and full privileges that includes capabilities, namespaces and containers. In these scenarios where a root process doesn’t have full control over the machine, CVE-2022-0492 becomes a significant vulnerability.”

Although containers running with AppArmor or SELinux are protected from the flaw, users are recommended to apply the patches in light of the fact that it could be abused by other malicious host processes to elevate privileges.
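For defenders checking a host, the following added example (not code from the original article or from Unit 42) walks each cgroup v1 hierarchy and reports the configured release_agent together with every cgroup whose notify_on_release is 1. The function names and the "needs_review" rule (an agent is set and at least one cgroup would invoke it) are assumptions made for this illustration.

```python
import os

def parse_cgroup_v1_mounts(mounts_text):
    """Mount points of cgroup v1 hierarchies listed in /proc/mounts text."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()  # device, mount point, fstype, options, ...
        if len(fields) >= 3 and fields[2] == "cgroup":  # v2 shows as "cgroup2"
            points.append(fields[1])
    return points

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:  # file absent or unreadable for this user
        return ""

def audit_hierarchy(root):
    """Report one hierarchy's release agent and the cgroups that would run it."""
    agent = _read(os.path.join(root, "release_agent"))  # root cgroup only
    armed = []
    for dirpath, _dirs, files in os.walk(root):
        flag = os.path.join(dirpath, "notify_on_release")
        if "notify_on_release" in files and _read(flag) == "1":
            armed.append(os.path.relpath(dirpath, root))
    return {
        "root": root,
        "release_agent": agent,
        "notify_cgroups": sorted(armed),
        # Assumed review rule: an agent is set AND some cgroup will invoke it.
        "needs_review": bool(agent) and bool(armed),
    }

def audit(mounts_text):
    return [audit_hierarchy(p) for p in parse_cgroup_v1_mounts(mounts_text)]

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for report in audit(fh.read()):
            print(report)
```

A release_agent path that the host's own tooling did not set is the result worth investigating; an empty value with notify_on_release at 0 everywhere matches the defaults the man page describes.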

This is far from the first time release_agent has emerged as an attack vector. In July 2017, Google Project Zero researcher Felix Wilhelm demonstrated a “quick and dirty” proof-of-concept (PoC) exploit leveraging the feature to break out of privileged Kubernetes and Docker containers.

Then in November 2021, cloud security firm Aqua disclosed details of a cryptocurrency mining campaign that used the exact same container escape technique to drop the XMRig coin miner on infected hosts, making it the first recorded instance of real-world exploitation.

“CVE-2022-0492 marks another Linux vulnerability that can be exploited for container escape,” Avrahami concluded. “Fortunately, environments that follow best practices are protected from this vulnerability. Environments with lax security controls hosting untrusted or publicly exposed containers are, unsurprisingly, at high risk.”

Some parts of this post are sourced from:
thehackernews.com
