Security vulnerability: CVE-2022-0185 kernel local root exploit and container escape
This document (000020565) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 15 Service Pack 2
zypper lp -a --cve=CVE-2022-0185
to locate the respective patch name to update.
If an immediate update is not possible, a workaround is to disable unprivileged user namespaces.
Please note that this could potentially break valid functionality in the system.
On a running system, either restrict the total amount of user-namespaces to 0:
sysctl -w user.max_user_namespaces=0
The described mitigation is not permanent. If the setting needs to be reboot persistent,
add them to /etc/sysctl.conf or one of its included files.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020565
- Creation Date: 09-Jun-2022
- Modified Date:09-Jun-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com