Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-0492 PoC — Linux kernel 授权问题漏洞

Source
https://github.com/PaloAltoNetworks/can-ctr-escape-cve-2022-0492
Associated Vulnerability
Title:Linux kernel 授权问题漏洞 (CVE-2022-0492)
Description:A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Description
Test whether a container environment is vulnerable to container escapes via CVE-2022-0492
Readme
A container image that tests whether a container enviroment is vulnerable to escapes via CVE-2022-0492. Best to execute under a new container running an image built with:

```
$ cd can-ctr-escape-cve-2022-0492
$ docker build -t can-ctr-escape-cve-2022-0492:latest .
```

A pre-built image is available at `us-central1-docker.pkg.dev/twistlock-secresearch/public/can-ctr-escape-cve-2022-0492:latest`.

### Running in Kubernetes

```
kubectl run --restart Never --rm -it --image=us-central1-docker.pkg.dev/twistlock-secresearch/public/can-ctr-escape-cve-2022-0492:latest test-for-cve-2022-0492
```
File Snapshot

 [4.0K]  /data/pocs/1cf934d0d926b0a36d7557adccaefa99ea01c502
├── [1.2K]  can-ctr-escape-cve-2022-0492.sh
├── [ 256]  Dockerfile
├── [1.0K]  LICENSE
└── [ 596]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →