CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability<\/a>, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks.<\/p>\n The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation.<\/p>\n CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel\u2019s control groups (cgroups) mechanism.<\/p>\n Specifically, the vulnerability enables a local attacker to manipulate the release_agent functionality, which is designed to execute a script when a cgroup becomes empty.<\/p>\n By exploiting this behavior, an attacker can execute arbitrary commands with elevated privileges, effectively escaping containerized environments or gaining root-level access<\/a> on the host system.<\/p>\n Security researchers have noted that this flaw is particularly dangerous in containerized and cloud-native environments where cgroups are widely used for resource isolation.<\/p>\n Misconfigured or unpatched systems may allow attackers who have already gained initial access, such as through a compromised container, to break out and take control of the underlying host.<\/p>\n This aligns with the broader trend of attackers targeting container escape vulnerabilities to move laterally within cloud infrastructure.<\/p>\n The vulnerability is associated with CWE-287 (Improper Authentication)<\/a> and CWE-862 (Missing Authorization)<\/a>, highlighting inadequate checks for enforcing security boundaries.<\/p>\n While there is currently no confirmed public attribution linking CVE-2022-0492 directly to ransomware campaigns, CISA\u2019s inclusion of the flaw in the KEV catalog indicates credible evidence of active exploitation in the wild.<\/p>\n CISA has mandated federal agencies to remediate the vulnerability by June 5, 2026, in accordance with Binding Operational Directive (BOD) 22-01.<\/p>\n The directive requires agencies to apply vendor-provided patches or mitigations to reduce exposure promptly.<\/p>\n Organizations that rely on affected Linux systems are strongly encouraged to follow similar timelines, as delays in patching could increase the risk of compromise.<\/p>\n Mitigation measures include updating the Linux kernel to a patched<\/a> version that addresses the release_agent issue, turning off unprivileged user namespaces where feasible, and restricting access to cgroup configurations.<\/p>\n Security teams should also audit container environments and monitor for suspicious activity related to cgroup manipulation, as this may indicate attempted exploitation.<\/p>\n The addition of CVE-2022-0492 to the KEV catalog<\/a> underscores the ongoing risk posed by privilege-escalation vulnerabilities in widely deployed open-source components.<\/p>\n As attackers increasingly target foundational technologies like the Linux kernel, timely patching and proactive monitoring remain essential to defending enterprise and cloud environments against evolving threats.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nLinux Kernel Improper Authentication Flaw Exploit<\/strong><\/h2>\n