Skip to content

CVE-2022-0492: CISA Warns of Container Escapes via Linux Kernel Vulnerability

At a glance: CVE-2022-0492 (CVSS 7.8) enables privilege escalation and container escape with root access to the host through faulty authentication in cgroups v1.

The U.S. cybersecurity agency CISA has added CVE-2022-0492 to its catalog of actively exploited vulnerabilities. The Linux kernel flaw allows unauthorized users to escape containers and obtain root rights on the host system.

CISA has officially documented CVE-2022-0492 as an actively exploited security flaw. The vulnerability has a CVSS score of 7.8. Prior to the warning’s publication, Kaspersky observed practical attacks on isolated container environments. U.S. federal agencies are legally required to patch their affected systems by June 5, 2026.

The root cause lies in Linux control groups (cgroups), which govern operating system resources for process groups and form the foundation for container isolation together with namespaces. Only cgroups v1 is vulnerable; cgroups v2 is not affected. An authentication flaw allows attackers to manipulate the release_agent file in the root directory of the cgroup hierarchy. This file is automatically executed with root privileges once a control group becomes empty.

The technical exploitation works as follows: An attacker can deposit a malicious script on the host file system and execute it with root privileges via the manipulated release_agent file within the cgroup notification process. This results in container escape and privilege escalation. Additionally, the flaw enables the creation of a new user namespace with administrator rights, through which the manipulated release_agent file can be injected and full control over the host achieved.

Simultaneously, CISA warns of CVE-2025-48595, a zero-day vulnerability in the Framework module of Android. Google has provided a security update and confirmed that the vulnerability was already being exploited for targeted attacks before patch availability.


Source: www.it-daily.net · Published June 9, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.

Share on: