A use-after-free flaw was found in cgroup1_parse_param in...
High severity
Unreviewed
Published
Feb 11, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Feb 4, 2022
Published to the GitHub Advisory Database
Feb 11, 2022
Last updated
Jan 27, 2023
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
References