Researchers from Huawei reported their findings on a flaw in the Linux kernel's "control groups" feature that potentially enables threat actors to escape containers and infiltrate containers owned by different users within a public cloud environment, according to Threatpost.
The bug is designated CVE-2022-0492 and has not yet been assigned a CVSS severity score by the National Institute of Standards and Technology National Vulnerability Database.
The agency said in an advisory that the vulnerability, "under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
The flaw is in the Linux kernel's "cgroup_release_agent_write" function, in the file "kernel/cgroup/cgroup-v1.c", and stems from Linux's failure to check whether the process setting the release_agent file carries administrative privileges, according to researchers from Palo Alto Networks.
The researchers added that the release_agent file "allows administrators to configure a 'release agent' program that would run upon the termination of a process in the cgroup," so a threat actor who can write to the release_agent file can obtain full administrator privileges.
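For defenders, one way to review which release agents are configured on a host is sketched below as an added example; it is not code from the article or from the researchers it cites. It assumes the release_agent file sits at the root of each cgroup v1 hierarchy listed in /proc/mounts; the function names, the `allowed` parameter and the sample tree are hypothetical and constructed.

```python
import os
import tempfile

def cgroup_v1_mounts(mounts_text):
    """Mount points whose filesystem type is 'cgroup' (v1); 'cgroup2' is skipped."""
    mounts = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "cgroup":
            mounts.append(fields[1])
    return mounts

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None  # file absent or unreadable from this context

def audit_release_agents(mounts_text, root="/", allowed=()):
    """Report release_agent per v1 hierarchy; flag non-empty values not in `allowed`."""
    findings = []
    for mount in cgroup_v1_mounts(mounts_text):
        base = os.path.join(root, mount.lstrip("/"))
        agent = _read(os.path.join(base, "release_agent"))
        if agent is None:
            continue
        findings.append({
            "mount": mount,
            "release_agent": agent,
            "notify_on_release": _read(os.path.join(base, "notify_on_release")),
            "review": bool(agent) and agent not in allowed,
        })
    return findings

def demo():
    """Run the audit over a constructed tree (sample data, not real host output)."""
    mounts = ("cgroup /sys/fs/cgroup/memory cgroup rw,memory 0 0\n"
              "cgroup /sys/fs/cgroup/cpu cgroup rw,cpu 0 0\n"
              "cgroup2 /sys/fs/cgroup/unified cgroup2 rw 0 0\n")
    with tempfile.TemporaryDirectory() as root:
        for name, agent in (("memory", ""), ("cpu", "/opt/example/constructed-agent\n")):
            base = os.path.join(root, "sys/fs/cgroup", name)
            os.makedirs(base)
            with open(os.path.join(base, "release_agent"), "w") as fh:
                fh.write(agent)
        return audit_release_agents(mounts, root=root)
```

On a real host, pass the contents of /proc/mounts as `mounts_text` and list any release agent the system legitimately configures in `allowed`; anything else flagged for review warrants a closer look.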