You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
arnaldo2792
published
GHSA-cc3r-wh87-c924Feb 8, 2022
Package
kernel
(bottlerocket)
Affected versions
< 1.6.0
Patched versions
1.6.0
Description
It has been discovered that under certain circumstances, the Linux kernel’s cgroups v1 release_agent feature can be used to escalate privilege and bypass namespace isolation unexpectedly.
This is corrected by requiring CAP_SYS_ADMIN in the initial user namespace when setting release_agent.
It has been discovered that under certain circumstances, the Linux kernel’s cgroups v1 release_agent feature can be used to escalate privilege and bypass namespace isolation unexpectedly.
This is corrected by requiring
CAP_SYS_ADMINin the initial user namespace when setting release_agent.