CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks


https://cybersecuritynews.com/linux-kernel-improper-authentication-vulnerability/

Publish Date: 2026-06-06 22:11:00

Source Domain: cybersecuritynews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks.

The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation.

CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel’s control groups (cgroups) mechanism.

Specifically, the vulnerability enables a local attacker to manipulate the release_agent functionality, which is designed to execute a script when a cgroup becomes empty.

By exploiting this behavior, an attacker can execute arbitrary commands with elevated privileges, effectively escaping containerized environments or gaining root-level access on the host system.
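A defender-side audit of the release_agent mechanism described above, added here as an example and not taken from the article or from CISA: it lists every cgroup v1 hierarchy in a mounts table, reports the configured release_agent, and names the cgroups with notify_on_release enabled. The function names and the `root` parameter are hypothetical; the code assumes the standard /proc/mounts field layout and the cgroup v1 file names `release_agent` and `notify_on_release`.

```python
import os

def cgroup_v1_mounts(mounts_text):
    """Yield (mountpoint, writable) for each cgroup v1 hierarchy in /proc/mounts text."""
    for line in mounts_text.splitlines():
        fields = line.split()
        # Field 3 is the fs type: "cgroup" is v1; "cgroup2" has no release_agent.
        if len(fields) < 4 or fields[2] != "cgroup":
            continue
        mountpoint = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
        yield mountpoint, "rw" in fields[3].split(",")

def read_value(path):
    """Return the stripped file content, or None if it is missing or unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit_release_agents(mounts_text, root="/"):
    """Report release_agent and notify_on_release state per v1 hierarchy.

    `root` is prefixed to every mountpoint so a copied tree can be audited.
    """
    findings = []
    for mountpoint, writable in cgroup_v1_mounts(mounts_text):
        base = os.path.join(root, mountpoint.lstrip("/"))
        agent = read_value(os.path.join(base, "release_agent"))
        if agent is None:  # file only exists at the root of a v1 hierarchy
            continue
        armed = sorted(
            os.path.relpath(dirpath, base)
            for dirpath, _dirs, files in os.walk(base)
            if "notify_on_release" in files
            and read_value(os.path.join(dirpath, "notify_on_release")) == "1"
        )
        findings.append({"mountpoint": mountpoint, "writable": writable,
                         "release_agent": agent, "notify_cgroups": armed})
    return findings

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for f in audit_release_agents(fh.read()):
            # A non-empty agent on a writable hierarchy deserves review.
            flag = "REVIEW" if f["release_agent"] and f["writable"] else "ok"
            print(flag, f)
```

Run inside a container, an empty result means no v1 hierarchy root with a readable release_agent file is visible from that mount namespace; on a host, compare any non-empty agent path against the one your init system is expected to set.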

Linux Kernel Improper Authentication Flaw Exploit

Security researchers have noted that this flaw is particularly dangerous in containerized and cloud-native environments where cgroups are widely used for resource isolation.

Misconfigured or unpatched systems may allow attackers who have already gained initial access, such as through a compromised container, to break out and take control of the underlying host.

This aligns with the broader trend of attackers targeting container escape vulnerabilities to move laterally within cloud infrastructure.

The vulnerability is associated with CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization), both of which point to inadequate checks at a security boundary.

While there is currently no confirmed public attribution linking CVE-2022-0492 directly to ransomware campaigns, CISA’s inclusion of the flaw in the KEV catalog indicates credible evidence of active exploitation in the wild.

CISA has mandated federal agencies to remediate the…
