{"id":266373,"date":"2026-06-06T22:11:00","date_gmt":"2026-06-07T02:11:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/cisa-warns-of-linux-kernel-improper-authentication-vulnerability-exploited-in-attacks\/"},"modified":"2026-06-07T05:00:10","modified_gmt":"2026-06-07T09:00:10","slug":"cisa-warns-of-linux-kernel-improper-authentication-vulnerability-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/cisa-warns-of-linux-kernel-improper-authentication-vulnerability-exploited-in-attacks\/","title":{"rendered":"CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/linux-kernel-improper-authentication-vulnerability\/\">CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/linux-kernel-improper-authentication-vulnerability\/\">https:\/\/cybersecuritynews.com\/linux-kernel-improper-authentication-vulnerability\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-06 22:11:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks.<\/p>\n<p class=\"wp-block-paragraph\">The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation.<\/p>\n<p class=\"wp-block-paragraph\">CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel\u2019s control groups (cgroups) mechanism.<\/p>\n<p class=\"wp-block-paragraph\">Specifically, the vulnerability enables a local attacker to manipulate the release_agent functionality, which is designed to execute a script when a cgroup becomes empty.<\/p>\n<p class=\"wp-block-paragraph\">By exploiting this behavior, an attacker can execute arbitrary commands with elevated privileges, effectively escaping containerized environments or gaining root-level access on the host system.<\/p>\n<h2 id=\"h-linux-kernel-improper-authentication-flaw-exploit\" class=\"wp-block-heading\"><strong>Linux Kernel Improper Authentication Flaw Exploit<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Security researchers have noted that this flaw is particularly dangerous in containerized and cloud-native environments where cgroups are widely used for resource isolation.<\/p>\n<p class=\"wp-block-paragraph\">Misconfigured or unpatched systems may allow attackers who have already gained initial access, such as through a compromised container, to break out and take control of the underlying host.<\/p>\n<p class=\"wp-block-paragraph\">This aligns with the broader trend of attackers targeting container escape vulnerabilities to move laterally within cloud infrastructure.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerability is associated with CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization), highlighting inadequate checks for enforcing security boundaries.<\/p>\n<p class=\"wp-block-paragraph\">While there is currently no confirmed public attribution linking CVE-2022-0492 directly to ransomware campaigns, CISA\u2019s inclusion of the flaw in the KEV catalog indicates credible evidence of active exploitation in the wild.<\/p>\n<p class=\"wp-block-paragraph\">CISA has mandated federal agencies to remediate the&#8230;<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/linux-kernel-improper-authentication-vulnerability\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks https:\/\/cybersecuritynews.com\/linux-kernel-improper-authentication-vulnerability\/ Publish Date: 2026-06-06&#8230;<\/p>\n","protected":false},"author":1,"featured_media":266375,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/06\/CISA-Warns-of-Linux-Kernel-Improper-Authentication-Vulnerability-Exploited-in-Attacks.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-266373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266373"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=266373"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266373\/revisions"}],"predecessor-version":[{"id":266377,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266373\/revisions\/266377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/266375"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=266373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=266373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=266373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}