Linux Kernel Integer Overflow Vulnerability (CVE-2022-0185)
Description
William Liu and Jamie Hill-Daniel discovered an integer underflow vulnerability in the Linux kernel that may lead to out-of-bounds writes. A local attacker can use this vulnerability to cause a denial of service (system crash) or execute arbitrary code. In a container scenario, a user with the CAP_SYS_ADMIN capability can escape from the container to the host machine. A proof of concept (PoC) for the vulnerability exists, but no publicly disclosed exploit code has been found.
Type | CVE-ID | Severity | Discovered |
---|---|---|---|
Resource management flaw | CVE-2022-0185 | High | 2022-01-27 |
Impact
This vulnerability affects container scenarios in which users have the CAP_SYS_ADMIN capability and the kernel version is 5.1 or later. A standard Docker environment uses the Docker seccomp filter, so the system is not affected by this vulnerability by default. In Kubernetes, the seccomp filter is disabled by default, so the system is affected by this vulnerability if the kernel and capability conditions are met.
CCE is not affected by this vulnerability.
Identification Method
Run the uname -a command to view the kernel version.
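The kernel version is only one of the conditions listed under Impact; the script below checks all three (kernel 5.1 or later, CAP_SYS_ADMIN held, seccomp disabled) from inside a container. It is an added example, not part of the original advisory, and its function names and verdict strings are assumptions of the example.

```shell
#!/bin/sh
# Added example: evaluates the three exposure conditions listed in this advisory.
# A kernel >= 5.1 may already carry the fix; the advisory gives no fixed version,
# so "exposed" means "conditions met, confirm the distribution patch level".

# kernel_in_range RELEASE: succeeds if the release (uname -r format) is 5.1 or later.
kernel_in_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 1 ]; }
}

# has_cap_sys_admin HEXMASK: succeeds if bit 21 (CAP_SYS_ADMIN) is set in the mask.
has_cap_sys_admin() {
    [ $(( (0x${1:-0} >> 21) & 1 )) -eq 1 ]
}

# status_field FILE NAME: prints the value of "NAME:" from a /proc/<pid>/status file.
status_field() {
    awk -v key="$2:" '$1 == key { print $2 }' "$1"
}

# assess RELEASE STATUS_FILE: prints one verdict line for the process described.
assess() {
    capeff=$(status_field "$2" CapEff)
    seccomp=$(status_field "$2" Seccomp)
    if ! kernel_in_range "$1"; then
        echo "not-exposed: kernel $1 is older than 5.1"
    elif ! has_cap_sys_admin "$capeff"; then
        echo "not-exposed: CAP_SYS_ADMIN not in effective set ($capeff)"
    elif [ "${seccomp:-0}" != 0 ]; then
        echo "check-filter: seccomp mode $seccomp is active, confirm the profile in use"
    else
        echo "exposed: kernel >= 5.1, CAP_SYS_ADMIN held, seccomp disabled"
    fi
}

# Run inside the container being checked; the reading process inherits this
# shell's capabilities and seccomp mode.
if [ -r /proc/self/status ]; then
    assess "$(uname -r)" /proc/self/status
fi
```

A "check-filter" verdict only shows that some seccomp filter is loaded; whether it is the container runtime's default profile has to be confirmed from the pod or container configuration.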
Workarounds and Mitigation Measures
CCE clusters are not affected by this vulnerability. For a Kubernetes cluster, you are advised to:
- Run containers with the least privilege.
- Configure seccomp based on the configuration method provided by Kubernetes.
Helpful Links
https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes
https://ubuntu.com/security/CVE-2022-0185
https://access.redhat.com/security/cve/CVE-2022-0185
https://www.openwall.com/lists/oss-security/2022/01/18/7