CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 07, 2026

CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks

Cybersecurity News Archived Jun 07, 2026 ✓ Full text saved

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers […] The post CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in At

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks By Abinaya June 7, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation. CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel’s control groups (cgroups) mechanism. Specifically, the vulnerability enables a local attacker to manipulate the release_agent functionality, which is designed to execute a script when a cgroup becomes empty. By exploiting this behavior, an attacker can execute arbitrary commands with elevated privileges, effectively escaping containerized environments or gaining root-level access on the host system. Linux Kernel Improper Authentication Flaw Exploit Security researchers have noted that this flaw is particularly dangerous in containerized and cloud-native environments where cgroups are widely used for resource isolation. Misconfigured or unpatched systems may allow attackers who have already gained initial access, such as through a compromised container, to break out and take control of the underlying host. This aligns with the broader trend of attackers targeting container escape vulnerabilities to move laterally within cloud infrastructure. The vulnerability is associated with CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization), highlighting inadequate checks for enforcing security boundaries. While there is currently no confirmed public attribution linking CVE-2022-0492 directly to ransomware campaigns, CISA’s inclusion of the flaw in the KEV catalog indicates credible evidence of active exploitation in the wild. CISA has mandated federal agencies to remediate the vulnerability by June 5, 2026, in accordance with Binding Operational Directive (BOD) 22-01. The directive requires agencies to apply vendor-provided patches or mitigations to reduce exposure promptly. Organizations that rely on affected Linux systems are strongly encouraged to follow similar timelines, as delays in patching could increase the risk of compromise. Mitigation measures include updating the Linux kernel to a patched version that addresses the release_agent issue, turning off unprivileged user namespaces where feasible, and restricting access to cgroup configurations. Security teams should also audit container environments and monitor for suspicious activity related to cgroup manipulation, as this may indicate attempted exploitation. The addition of CVE-2022-0492 to the KEV catalog underscores the ongoing risk posed by privilege-escalation vulnerabilities in widely deployed open-source components. As attackers increasingly target foundational technologies like the Linux kernel, timely patching and proactive monitoring remain essential to defending enterprise and cloud environments against evolving threats. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Dashlane Details How Hackers Managed to Download Encrypted Password Vaults Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing Nimbus Manticore APT Abuses Fake Recruitment Portal to Deliver Custom Malware Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User Latest News Cyber Security Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies Cyber Security News CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks Cyber Security News Top 5 Best Tools for Simulated DDoS Attacks in 2026 Cyber Security News Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks Cyber Security OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 07, 2026
    Archived
    Jun 07, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗