Linux Kernel cgroups v1 release_agent Privilege Escalation / Container Escape

This repository provides a working exploit for CVE-2022-0492, a Linux kernel vulnerability in the cgroup release_agent mechanism that allows container escape. The exploit is implemented as a Bash script (exp.sh) that automates the process of mounting a cgroup subsystem, setting up a malicious release_agent, and triggering it to execute arbitrary commands on the host system. The README.md provides a detailed technical analysis of the vulnerability, exploitation prerequisites, and mitigation strategies. The exploit requires root privileges inside a vulnerable container and leverages the lack of proper security hardening (e.g., seccomp, apparmor, selinux) to escape to the host. The script creates several files and directories (such as /tmp/testcgroup, /cmd, and /result) and interacts with system files like /etc/mtab and /proc to determine the host path and capabilities. The repository is operational and can be used to achieve container escape on affected systems.

This repository provides a Bash script (CVE-2022-0492.sh) that serves as both a checker and a proof-of-concept exploit for CVE-2022-0492, a Linux kernel vulnerability affecting cgroups v1. The script can be run inside a Docker container to determine if the environment is vulnerable, and if so, to exploit the vulnerability and escape the container, executing arbitrary commands as root on the host. The exploit leverages the cgroup release_agent mechanism to run attacker-supplied code on the host. The script supports two main modes: a checker mode (to test for vulnerability) and a command mode (to execute arbitrary commands on the host). The README provides background on the vulnerability, usage instructions, and example payloads (such as reverse shells). The only code file is the Bash script; the other files are a README and a license. The exploit is operational and can be used to achieve full host compromise from a privileged container on a vulnerable system.