CISA has added CVE-2022-0492, which affects the Linux kernel, to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability, named the Linux Kernel Improper Authentication Vulnerability, allows an attacker to escalate privileges by exploiting the cgroups v1 release_agent feature.
Technically, the flaw is an improper authentication issue that a local user with access to the system can leverage to gain elevated privileges. It carries a CVSS score of 7.8, rated HIGH, and a patch is available from vendors such as Debian (DSA-5095) and through the mainline kernel commit 24f6008564183aa120d07c03d9289519c2fe02af.
Active exploitation has been confirmed, which is the basis for its inclusion in the KEV list. No known ransomware campaign has been linked to this CVE at this time. Federal Civilian Executive Branch (FCEB) agencies must remediate the vulnerability by the CISA-set deadline of 5 June 2026.
CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While this directive binds FCEB agencies, all organisations should review their exposure to the Linux kernel and apply any available patches or mitigations promptly.
For full details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2022-0492 and the CISA KEV catalogue.
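
One way to review a host's exposure to the release_agent feature named above, as an added example that is not part of the original advisory or of CISA's guidance: the Python script below lists cgroup v1 hierarchies from `/proc/self/mounts` and reports any whose `release_agent` file is set to a path outside an allowlist. The sample mount lines, the allowlist entry and the function names are assumptions made for illustration.

```python
import os

# Constructed /proc/self/mounts excerpt (not taken from a real host).
SAMPLE_MOUNTS = """\
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/rdma cgroup ro,nosuid,nodev,noexec,relatime,rdma 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""

# Assumption: agent paths this site treats as legitimate (older systemd sets one).
EXPECTED_AGENTS = {"/lib/systemd/systemd-cgroups-agent"}

def cgroup_v1_mounts(mounts_text):
    """Return (mountpoint, options) per cgroup v1 hierarchy; v2 has type 'cgroup2'."""
    out = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "cgroup":
            out.append((fields[1], fields[3].split(",")))
    return out

def read_release_agent(mountpoint):
    """Read <hierarchy root>/release_agent; None if the file is absent or unreadable."""
    try:
        with open(os.path.join(mountpoint, "release_agent")) as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit(mounts_text, reader=read_release_agent, expected=EXPECTED_AGENTS):
    """List v1 hierarchies whose release_agent is set to an unexpected path."""
    findings = []
    for mnt, opts in cgroup_v1_mounts(mounts_text):
        agent = reader(mnt)
        if agent and agent not in expected:
            findings.append({"mount": mnt, "release_agent": agent,
                             "writable": "rw" in opts})
    return findings

if __name__ == "__main__":
    # On a live Linux host, audit the real mount table.
    with open("/proc/self/mounts") as fh:
        for finding in audit(fh.read()):
            print("REVIEW:", finding)
```

A finding here is a prompt for review rather than proof of compromise; applying the vendor patch remains the remediation.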