{
  "threat_severity" : "Important",
  "public_date" : "2022-02-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cgroups v1 release_agent feature may allow privilege escalation",
    "id" : "2051505",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-862",
  "details" : [ "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.", "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly." ],
  "statement" : "In the OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy enabled (by default) on the OCP cluster nodes.\nRed Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.\n1. https://access.redhat.com/solutions/499473",
  "acknowledgement" : "Red Hat would like to thank Kevin Wang (Huawei) and Yiqi Sun (Nebula Lab) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
    "release_date" : "2022-04-19T00:00:00Z",
    "advisory" : "RHSA-2022:1417",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "kernel-0:2.6.32-754.47.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:4644",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.66.1.rt56.1207.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:4642",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.66.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:4655",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2189",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "kernel-0:3.10.0-514.101.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2022-06-22T00:00:00Z",
    "advisory" : "RHSA-2022:5157",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.103.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2186",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "kernel-0:3.10.0-957.94.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2186",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "kernel-0:3.10.0-957.94.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2186",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kernel-0:3.10.0-957.94.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2211",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2022-05-24T00:00:00Z",
    "advisory" : "RHSA-2022:4717",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "kernel-0:3.10.0-1062.67.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
    "release_date" : "2022-05-24T00:00:00Z",
    "advisory" : "RHSA-2022:4717",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.7",
    "package" : "kernel-0:3.10.0-1062.67.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2022-05-24T00:00:00Z",
    "advisory" : "RHSA-2022:4717",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kernel-0:3.10.0-1062.67.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2022-05-24T00:00:00Z",
    "advisory" : "RHSA-2022:4721",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0819",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-348.20.1.rt7.150.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0825",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-348.20.1.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0849",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0823",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "kernel-0:4.18.0-147.64.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0851",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-17T00:00:00Z",
    "advisory" : "RHSA-2022:0958",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0821",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.79.1.rt13.129.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0820",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kernel-0:4.18.0-193.79.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-15T00:00:00Z",
    "advisory" : "RHSA-2022:0925",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-19T00:00:00Z",
    "advisory" : "RHSA-2022:1413",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.45.1.rt7.117.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-19T00:00:00Z",
    "advisory" : "RHSA-2022:1418",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-20T00:00:00Z",
    "advisory" : "RHSA-2022:1455",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kernel-0:4.18.0-305.45.1.el8_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "redhat-virtualization-host",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-0492\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0492\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af" ],
  "name" : "CVE-2022-0492",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}