Security vulnerability: CVE-2022-0185 kernel local root exploit and container escape
This document (000020565) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 15 Service Pack 2
Use
zypper lp -a --cve=CVE-2022-0185
to locate the respective patch name to update.
If an immediate update is not possible, a workaround is to disable unprivileged user namespaces.
Please note that this could potentially break valid functionality in the system.
On a running system, either set the maximum number of user namespaces to 0:
sysctl -w user.max_user_namespaces=0
or disable unprivileged user namespace cloning:
sysctl -w kernel.unprivileged_userns_clone=0
Neither mitigation is permanent. If they need to persist across reboots,
add them to /etc/sysctl.conf or one of its included files.
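The following shell functions are an added example, not part of the SUSE article: they check whether either workaround is active on the running kernel and whether it is also written to the sysctl configuration. The function names are hypothetical, and the example assumes the caller passes the configuration files in the order they are loaded, so the last assignment of a key wins.

```shell
#!/bin/sh
# Added example: audit the CVE-2022-0185 workaround (runtime and persistence).
# Function names are illustrative. The /proc/sys root is a parameter so the
# check can be pointed at a test tree; the default is the real location.

# Print the running value of sysctl key $1, or nothing if the kernel does not
# expose that key (kernel.unprivileged_userns_clone is not present everywhere).
sysctl_running() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# Print the last value assigned to key $1 in the given config files,
# skipping comment lines and ignoring whitespace around '='.
sysctl_configured() {
    key=$1; shift
    [ $# -gt 0 ] || return 0
    cat "$@" 2>/dev/null | awk -F= -v k="$key" '
        /^[ \t]*[#;]/ { next }
        { name = $1; gsub(/[ \t]/, "", name)
          if (name == k) { v = $2; gsub(/[ \t]/, "", v); last = v } }
        END { if (last != "") print last }'
}

# Return 0 when either workaround from the article is in effect right now.
workaround_active() {
    [ "$(sysctl_running user.max_user_namespaces "$1")" = 0 ] ||
    [ "$(sysctl_running kernel.unprivileged_userns_clone "$1")" = 0 ]
}

# Return 0 when either workaround is set to 0 in the given config files.
workaround_persistent() {
    [ "$(sysctl_configured user.max_user_namespaces "$@")" = 0 ] ||
    [ "$(sysctl_configured kernel.unprivileged_userns_clone "$@")" = 0 ]
}

# Usage on a real host (file list is an assumption about the local layout):
#   workaround_active && workaround_persistent /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A host where workaround_active succeeds but workaround_persistent fails will lose the mitigation at the next reboot.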
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000020565
- Creation Date: 26-Jan-2022
- Modified Date: 26-Jan-2022
- SUSE Linux Enterprise Server