U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

CISA added two high-severity flaws to its Known Exploited Vulnerabilities catalog: CVE-2022-0492 (Linux kernel cgroups v1 release_agent vulnerability enabling local privilege escalation/container escape, CVSS 7.0) and CVE-2025-48595 (Android Framework integer overflow affecting Android 14–16, CVSS 8.4, with indications of limited targeted exploitation). Federal agencies are required to remediate these vulnerabilities by June 5, 2026.