"It has been discovered that under certain circumstances, the Linux kernel's
cgroups v1 release_agent feature can be used to escalate privilege and
bypass namespace isolation unexpectedly.
CVE-2022-0492 has been assigned to this issue, which is corrected by
requiring CAP_SYS_ADMIN in the initial user namespace when setting
release_agent. This has been included upstream in commit
"The cgroup release_agent is called with call_usermodehelper. The function
call_usermodehelper starts the release_agent with a full set of capabilities.
Therefore require capabilities when setting the release_agent."
AIUI, that means anyone who can call cgroup_release_agent_write can end up with all capabilities, prior to the fix?
Some minor spelunking showed that cgroup_release_agent_write appeared in more-or-less its current form in 2008. So any Linux kernel from v2.6.26 onward, with CONFIG_CGROUPS, may be vulnerable?
$ fix_in_what_release 24f6008564183aa120d07c03d9289519c2fe02af
4.9.301 4.14.266 4.19.229 5.4.177 5.10.97 5.15.20 5.16.6
I can't find a security-supported kernel that has any vulnerable version, and since we don't issue GLSAs for kernels, we should be all done here.
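For anyone checking a fleet against the fix list above, here is a small version check (added example, not from this thread or from the kernel tree). It assumes plain upstream stable version numbers; vendor kernels that backport the fix under an older version string are not recognised and come back as "unknown" or "vulnerable".

```python
"""Classify a kernel version string against the CVE-2022-0492 fix releases
listed in the thread (stable releases carrying commit 24f6008564183)."""
import re

# Stable releases carrying the fix, as printed by fix_in_what_release above.
FIXED_RELEASES = ["4.9.301", "4.14.266", "4.19.229", "5.4.177",
                  "5.10.97", "5.15.20", "5.16.6"]

# cgroup_release_agent_write appeared in its current form in v2.6.26.
FIRST_AFFECTED = (2, 6, 26)

# Assumption: the first mainline release after 5.16 carries the fix,
# since the commit is upstream and 5.16.6 already has it.
FIRST_FIXED_MAINLINE = (5, 17, 0)


def parse_version(s):
    """Turn 'x.y.z-extra' or 'x.y' (e.g. uname -r output) into (x, y, z)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised kernel version: {s!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fix_status(running):
    """Return 'not_affected', 'fixed', 'vulnerable' or 'unknown'."""
    v = parse_version(running)
    if v < FIRST_AFFECTED:
        return "not_affected"
    if v >= FIRST_FIXED_MAINLINE:
        return "fixed"
    # Map each stable branch (x.y) to the first release on it with the fix.
    fixes = {parse_version(f)[:2]: parse_version(f) for f in FIXED_RELEASES}
    branch = v[:2]
    if branch not in fixes:
        # Branch with no listed backport (e.g. an EOL series): cannot tell.
        return "unknown"
    return "fixed" if v >= fixes[branch] else "vulnerable"


if __name__ == "__main__":
    import platform
    print(platform.release(), fix_status(platform.release()))
```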