CISA says attackers are now exploiting a Linux kernel bug that can let someone break out of a container and gain root-level control on the host system. The flaw, CVE-2022-0492, is an improper authentication issue in Linux cgroups v1 that allows modification of the release_agent mechanism, enabling privilege escalation and container escape; CISA added it to the Known Exploited Vulnerabilities catalog after Kaspersky reported real-world exploitation, and federal agencies were told to patch by June 5.
Why it matters: Organizations running Linux containers could be at risk of full host compromise if affected systems are unpatched. This is urgent for cloud, server, and platform teams: identify systems using cgroups v1, apply available kernel fixes, and review container hardening and isolation settings immediately.
Bill Toulas
2026.06.03
99% relevant
This is effectively the same event: CISA's KEV addition for CVE-2022-0492, the Linux kernel cgroups v1 container-escape and privilege-escalation flaw, with the article restating affected kernel ranges and patch guidance.
Ionut Arghire
2026.06.03
100% relevant
This article establishes a distinct tracked event: the first formal CISA KEV warning and public confirmation of in-the-wild exploitation for Linux kernel flaw CVE-2022-0492.
← Back to all stories