CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks

CVE-2022-0492 is an improper authentication flaw in the Linux kernel's cgroups v1 release_agent functionality that can allow a local attacker or a compromised container to execute arbitrary commands with elevated (root) privileges on the host. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog citing active exploitation, and federal agencies are required to remediate by June 5, 2026; mitigations include patching the kernel, disabling unprivileged user namespaces, and restricting cgroup access.