{"id":263603,"date":"2026-06-03T07:56:00","date_gmt":"2026-06-03T11:56:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/03\/organizations-warned-of-exploited-linux-kernel-vulnerability\/"},"modified":"2026-06-04T01:30:18","modified_gmt":"2026-06-04T05:30:18","slug":"organizations-warned-of-exploited-linux-kernel-vulnerability","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/03\/organizations-warned-of-exploited-linux-kernel-vulnerability\/","title":{"rendered":"Organizations Warned of Exploited Linux Kernel Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/organizations-warned-of-exploited-linux-kernel-vulnerability\/\">Organizations Warned of Exploited Linux Kernel Vulnerability<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/organizations-warned-of-exploited-linux-kernel-vulnerability\/\">https:\/\/www.securityweek.com\/organizations-warned-of-exploited-linux-kernel-vulnerability\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-03 07:56:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>The US cybersecurity agency CISA on Tuesday warned of in-the-wild exploitation of a Linux kernel vulnerability that leads to container escapes.<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Tracked as CVE-2022-0492 (CVSS score of 7.8), the issue is described as an improper authentication vulnerability that could allow attackers to elevate their privileges and bypass the namespace isolation.<\/p>\n<p class=\"wp-block-paragraph\">The security defect was found in cgroups, the Linux kernel\u2019s control groups feature that specifies which OS resources a group of processes can use. While there are two control group versions, only cgroups v1 is affected.<\/p>\n<p class=\"wp-block-paragraph\">Together with namespaces, cgroups can be used for process isolation and to restrict access to certain resources, which makes the feature essential for container creation.<\/p>\n<p class=\"wp-block-paragraph\">Due to the vulnerability, any user could modify the release_agent file residing at the root of the cgroup hierarchy, which runs as root within the cgroup namespace as part of cgroup v1\u2019s notification mechanism when a cgroup becomes empty.<\/p>\n<p class=\"wp-block-paragraph\">\u201cIt is then possible to create a malicious script that is located on the host filesystem that will be run as root as part of the cgroup notification process, essentially allowing for a container escape and privilege escalation,\u201d HackTheBox explains.<\/p>\n<p><span class=\"zox-ad-label\">Advertisement. Scroll to continue reading.<\/span><\/p>\n<p class=\"wp-block-paragraph\">Additionally, the bug allowed attackers to create a new user namespace with admin privileges and then create a cgroup with a malicious release_agent file, triggering the exploit.<\/p>\n<p class=\"wp-block-paragraph\">Technical details on CVE-2022-0492 were published roughly three years ago, but its in-the-wild exploitation was reported only this week, one day before CISA\u2019s alert.<\/p>\n<p class=\"wp-block-paragraph\">Kaspersky mentioned the exploitation of CVE-2022-0492 in a blog post describing attacks on container environments, but has not specified who is behind the attacks, nor who the victims are.<\/p>\n<p class=\"wp-block-paragraph\">On Tuesday, the cybersecurity agency added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it by June&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/organizations-warned-of-exploited-linux-kernel-vulnerability\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations Warned of Exploited Linux Kernel Vulnerability https:\/\/www.securityweek.com\/organizations-warned-of-exploited-linux-kernel-vulnerability\/ Publish Date: 2026-06-03 07:56:00 Source Domain: www.securityweek.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":263604,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2025\/03\/kubernetes-cloud.jpeg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,71,57,27],"class_list":["post-263603","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263603"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=263603"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263603\/revisions"}],"predecessor-version":[{"id":263605,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263603\/revisions\/263605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/263604"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=263603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=263603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=263603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}