This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
f89ca645e9a7ab68a61d054b319e54c6af9a4e97faf0cab7987d8a5f919f6c11Red Hat Security Advisory 2022-5157-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
1beaba42fb146dbbbce02049dcf413eb6032400339acabdcb70b5356f106ff69It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.
d764344ffd074691e5125e0c7ecb9972329d587b004cdad9acfe1fafabfb0253Red Hat Security Advisory 2022-4721-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
f9883ad9e6150312c7d527e96bb91bb7ce44824d08863a8198dceed0db83ab06Red Hat Security Advisory 2022-4717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
2702dee3e48d7005b19141b7d3fdd594630111f42423104e4165fc167a60f8c0Red Hat Security Advisory 2022-4644-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a privilege escalation vulnerability.
9238f3f09ee24112c543f2a4c26934610307752a7f760bd4cacb97f776229c6dRed Hat Security Advisory 2022-4655-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
b32cf1f12c90d2ce3d018e88504d2caf637f62d925d714e143765869229bb073Red Hat Security Advisory 2022-4642-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and privilege escalation vulnerabilities.
3c0b32f3c90145a54c8cbc784710b71ce7588da50abb4986999bafbde5c9bdc5Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.
fbbfbdf0a9151383c4fd51b75bed69402cdeb86e35b863354d293fba3587a9fdRed Hat Security Advisory 2022-2186-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
a847e5c70c5289c712f0df28eb12a731d4e74f077f18cf417aae88f5d9d94fefRed Hat Security Advisory 2022-2211-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
71372bb43a888c8330bd51534a8b3948c81aa048f2576873cb1617edaf6cc742Red Hat Security Advisory 2022-2189-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
fd1c2dd2553ad38432826289b02c39ffabff76be6059f360d709310e87bcf72fRed Hat Security Advisory 2022-1476-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. Issues addressed include an information leakage vulnerability.
518f87bfae6ff4f29f3572832aa384efe8f2162ebac11f7d53caab2d6df42933Red Hat Security Advisory 2022-1455-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and privilege escalation vulnerabilities.
875d0e42f4b97c80ca5787d522296033e722015e393e57c94404ccc7805a955eRed Hat Security Advisory 2022-1418-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and privilege escalation vulnerabilities.
2eab67c4f841bc45e94ce58e73ca60e7ba690017b6dcc37ecba54fb3786bc710Red Hat Security Advisory 2022-1413-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds write and privilege escalation vulnerabilities.
e29d570eaf4be8d9d8c2a0c59251fd78375f239719aba399dda2f75b42e91bc1Red Hat Security Advisory 2022-1417-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
a1855a4358516ae7f91cd9312df1efeaeeb9fe1fe48d1dafbe1dd6848b141dd1Ubuntu Security Notice 5377-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.
7e8bb3e3236447d1446aec7cdf4a4e028e781bb1a791ee70ba7d1d4a0e3b9b7bUbuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
5d0b16263370f4a729db7ba7a5a7cdbc7ade51f3de840e5c97e95000dd201eb7Ubuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
15aee9355fdfa4005c244c11432f609c7d439bd4c9e2bb1fc22da50bd8c0cbbdRed Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.
9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23Debian Linux Security Advisory 5095-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
271e4b7d1b99d28febed5f00c4b01bf76715f4001e068e7da511f20bacd0d4ffYiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2192c199581e31d17ad1f82ccb72319fb36da887cc27a4431990dced1f3967d7Ubuntu Security Notice 5339-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that an out-of-bounds memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service.
8e790d8271b3b0cda49ce9f2ce4bb09f4e9b8de73f7d2e6df231b904a157bd46Ubuntu Security Notice 5338-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. J
8237e5780ec9d5762a287998415d277ae8d9148196c501305fc7c81735e15f4e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed