Actively exploitedCVSS 7.8 · HIGH

CVE-2022-0492

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

View on NVD

Analysis

Una vulnerabilidad en el kernel de Linux permite el escalamiento de privilegios y el escape de contenedores mediante la funcionalidad cgroups v1. Este fallo está siendo explotado activamente y compromete directamente el aislamiento de namespaces en entornos que utilizan Docker o Kubernetes.

Relevant roles

LinuxDockerKubernetesCloudCyberSecurityBackend

Severity

Score: 7.8(HIGH)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AV: LOCAL

AC: LOW

PR: LOW

UI: NONE

S: UNCHANGED

C: HIGH

I: HIGH

A: HIGH

Weakness (CWE): CWE-287CWE-862

CISA KEV

Added to KEV: 2026-06-02

Federal patch deadline: 2026-06-05

Known ransomware use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS

Probability of exploitation (next 30 days): 0.0524 (5.2%)

Percentile: 90.1%

EPSS: 2026-06-02

Affects

linux:linux_kerneldebian:debian_linuxredhat:codeready_linux_builderredhat:codeready_linux_builder_for_power_little_endianredhat:virtualization_hostredhat:enterprise_linuxredhat:enterprise_linux_eusredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_ibm_z_systems_eusredhat:enterprise_linux_for_power_little_endianredhat:enterprise_linux_for_power_little_endian_eusredhat:enterprise_linux_for_real_time_for_nfv_tusredhat:enterprise_linux_for_real_time_tusredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsredhat:enterprise_linux_server_tusredhat:enterprise_linux_server_update_services_for_sap_solutionscanonical:ubuntu_linuxfedoraproject:fedoranetapp:solidfire\,_enterprise_sds_\&_hci_storage_nodenetapp:solidfire_\&_hci_management_nodenetapp:h300enetapp:h300snetapp:h410cnetapp:h410snetapp:h500enetapp:h500snetapp:h700enetapp:h700snetapp:hci_compute_node

Technical description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Published: 3/3/2022, 7:15:08 PM

Last modified: 6/2/2026, 5:16:21 PM

References

How to read this card

Actively exploited

KEV (Known Exploited Vulnerabilities) is CISA's catalog of CVEs confirmed as actively exploited in the real world. If a CVE is on KEV, someone is already using it in attacks.

CVSS 10.0

CVSS 10.0 — máxima severidad teórica. Explotable de forma remota, sin privilegios, con impacto total. Aún no confirmada como explotada en el mundo real, pero parchea ya.

AI-recommended

Un modelo de lenguaje revisó el CVE y consideró que afecta a software ampliamente desplegado o herramientas comunes de desarrollo. Un humano del equipo aprobó la publicación antes de que llegara aquí.

Categorías de impacto que evalúa la IA

widely_deployed_infra — kernel Linux, OpenSSL, glibc, k8s, Docker, nginx, OpenSSH.

popular_dev_tooling — Node.js, Python, Go, React, Next.js, librerías comunes de npm/pip.

common_consumer_software — Chrome, Firefox, Windows, macOS, apps móviles populares.

enterprise_saas — GitHub, GitLab, Atlassian, Salesforce, Cisco, Fortinet, Ivanti.

niche_software — CMS regionales, herramientas de hobby, librerías de poco uso.

not_relevant — firmware específico de proveedor, software descontinuado.

EPSS — EPSS (Exploit Prediction Scoring System) by FIRST.org estimates the probability that a CVE will be exploited in the next 30 days. Range is 0 to 1; very fresh CVEs typically score low until evidence accumulates.