CISA Flags Actively Exploited Linux Kernel Vulnerability

Source Domain: www.linkedin.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a renewed warning to government agencies and private-sector organizations after adding a high-risk Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) Catalog. The move signals that federal authorities have identified credible evidence that threat actors are actively exploiting the flaw in real-world attacks, elevating concerns for organizations running Linux-based servers, cloud infrastructure, and containerized workloads.

The vulnerability affects the Linux kernel’s implementation of control groups (cgroups), a core mechanism used to manage and isolate system resources among processes. Security experts warn that successful exploitation can allow attackers to escalate privileges, escape containerized environments, and ultimately gain root-level control over affected systems.

The addition of CVE-2022-0492 to the KEV catalog places the vulnerability among a select group of security flaws that U.S. authorities consider to present a significant and immediate threat to federal networks. Under CISA’s Binding Operational Directive 22-01, federal civilian agencies are required to remediate cataloged vulnerabilities within prescribed timelines to reduce the risk of compromise.

Vulnerability Targets Core Linux Resource Management Mechanism

At the center of the issue is the Linux kernel’s release_agent functionality within cgroups v1, an older version of the control groups framework that remains widely deployed across enterprise environments despite the gradual transition toward cgroups v2.

The release_agent feature is…

Source