CISA Flags Linux Kernel CVE-2022-0492 Exploitation, Orders Federal Patches by June 5
Updated · SecurityWeek · Jun 3
Summary
CISA on Tuesday added CVE-2022-0492 to its Known Exploited Vulnerabilities catalog after reports that the Linux kernel flaw is being used in the wild to escape containers and gain root privileges.
The bug, scored 7.8, affects only cgroups v1 and lets an attacker alter the release_agent file so a malicious host-side script runs as root, bypassing namespace isolation.
Technical details for the flaw were published about three years ago, but Kaspersky disclosed active exploitation this week in attacks on container environments without naming the victims or operators.
Federal agencies must patch CVE-2022-0492 by June 5, and CISA separately urged immediate fixes for Android flaw CVE-2025-48595, which Google said was exploited as a zero-day.
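A defensive audit for the cgroups v1 condition described in the summary, added here as an example and not taken from CISA, Kaspersky or SecurityWeek: it lists cgroup v1 hierarchies from /proc/mounts-style text and reports whether each one's release_agent file is set and writable. It assumes release_agent sits at the root of each v1 hierarchy; the sample mount table, the demo() tree and all function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,memory 0 0
cgroup /sys/fs/cgroup/rdma cgroup rw,nosuid,nodev,noexec,rdma 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec 0 0
"""

def cgroup_v1_mounts(mounts_text):
    """Mount points with filesystem type 'cgroup' (v1); 'cgroup2' is skipped."""
    return [f[1] for f in (l.split() for l in mounts_text.splitlines())
            if len(f) >= 3 and f[2] == "cgroup"]

def audit_release_agent(mounts_text, root="/"):
    """Report release_agent state for every cgroup v1 hierarchy under root."""
    findings = []
    for mount in cgroup_v1_mounts(mounts_text):
        path = os.path.join(root, mount.lstrip("/"), "release_agent")
        try:
            with open(path) as fh:
                agent = fh.read().strip()
        except OSError:
            continue  # not the hierarchy root, or not readable from here
        findings.append({
            "mount": mount,
            "release_agent": agent,
            "agent_set": bool(agent),               # a configured path needs review
            "writable": os.access(path, os.W_OK),   # writable by the current user
        })
    return findings

def demo():
    """Run the audit against a constructed directory tree instead of /sys."""
    with tempfile.TemporaryDirectory() as root:
        for name, agent in (("memory", "/tmp/constructed-agent.sh\n"), ("rdma", "\n")):
            hierarchy = os.path.join(root, "sys/fs/cgroup", name)
            os.makedirs(hierarchy)
            with open(os.path.join(hierarchy, "release_agent"), "w") as fh:
                fh.write(agent)
        return audit_release_agent(SAMPLE_MOUNTS, root)

if __name__ == "__main__":
    with open("/proc/mounts") as fh:  # live check on a Linux host
        for finding in audit_release_agent(fh.read()):
            print(finding)
```

An empty result on a live host means no cgroup v1 hierarchy root is visible from the current mount namespace; a finding with `agent_set` true is a path to review against what the host's administrators configured.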