CISA Issues Alert on Actively Exploited Linux Kernel Security Flaw

https://gbhackers.com/cisa-issues-alert-on-linux-kernel-security-flaw/

Publish Date: 2026-06-05 03:28:00

Source Domain: gbhackers.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning organizations about the active exploitation of a Linux kernel vulnerability tracked as CVE-2022-0492.

The flaw, categorized as an improper authentication issue, affects Linux systems using the cgroups v1 release_agent feature and can allow attackers to escalate privileges within compromised environments.

Linux Kernel Security Flaw

According to CISA, the vulnerability was officially added to its Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026, emphasizing its real-world exploitation risk.

Federal agencies and organizations are required to remediate the issue by June 5, 2026, under Binding Operational Directive (BOD) 22-01. The directive mandates the timely mitigation of vulnerabilities actively exploited by threat actors.

CVE-2022-0492 stems from improper authentication controls in the Linux kernel’s cgroups v1 subsystem. Specifically, attackers can exploit the release_agent mechanism to execute arbitrary code with elevated privileges.

This flaw is particularly dangerous in containerized environments where cgroups are widely used for resource isolation and management. If successfully exploited, a threat actor can escape container restrictions and gain root-level access on the host system.

The vulnerability maps to CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization), highlighting fundamental access-control weaknesses. Security researchers have previously demonstrated that attackers with limited access to a system can exploit this flaw to escape from containers, making it a critical risk in cloud-native and Kubernetes-based infrastructures.
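For defenders triaging hosts against this alert, the following added example (not from CISA or the article) reads a file in /proc/mounts format, lists each cgroups v1 hierarchy, and flags any whose release_agent is set. The function name, output labels and the ROOT_PREFIX testing hook are assumptions of this example; notify_on_release is the standard cgroups v1 file that arms the agent for a given cgroup.

```shell
#!/bin/sh
# Added example: audit cgroup v1 hierarchies for a configured release_agent.
# Usage: audit_cgroup_v1 [MOUNTS_FILE] [ROOT_PREFIX]
#   MOUNTS_FILE  file in /proc/mounts format (default: /proc/mounts)
#   ROOT_PREFIX  hypothetical testing hook: directory prepended to mount points
# Prints one line per v1 hierarchy; returns 1 if any release_agent is set.
audit_cgroup_v1() {
    mounts=${1:-/proc/mounts}
    prefix=${2:-}
    flagged=0
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        # v1 hierarchies have fstype "cgroup"; v2 ("cgroup2") has no release_agent
        [ "$fstype" = "cgroup" ] || continue
        dir="$prefix$mnt"
        # release_agent exists only at the root of a hierarchy, so a
        # bind-mounted sub-cgroup (common inside containers) will not show it
        if [ ! -r "$dir/release_agent" ]; then
            echo "NOAGENTFILE $mnt"
            continue
        fi
        agent=$(cat "$dir/release_agent")
        # Count cgroups in this hierarchy with notify_on_release enabled (= 1)
        armed=$(find "$dir" -name notify_on_release -exec grep -lx 1 {} + 2>/dev/null \
                | wc -l | tr -d ' ')
        if [ -n "$agent" ]; then
            echo "SET $mnt agent=$agent notify_on_release_cgroups=$armed"
            flagged=1
        else
            echo "EMPTY $mnt notify_on_release_cgroups=$armed"
        fi
    done < "$mounts"
    return "$flagged"
}
# On a live host: audit_cgroup_v1 /proc/mounts
```

A non-empty release_agent is not malicious by itself; compare any SET line against the host's known baseline before treating it as a finding.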

Although CISA has not confirmed whether CVE-2022-0492 is currently linked to specific ransomware campaigns, its inclusion in the KEV catalog strongly suggests active exploitation in the wild.

Historically, vulnerabilities that enable privilege escalation are…
