CVE-2022-0492

Published Mar 3, 2022

Last updated 10 hours ago

Exploit knownCVSS high 7.8
Ubuntu
Cloud
Container Security
ICS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2022-0492 is a privilege escalation vulnerability found in the Linux kernel, specifically within the `cgroup_release_agent_write` function in the cgroups v1 implementation. This flaw allows an attacker to bypass namespace isolation and escalate privileges. The core issue stems from a missing authorization or capability check, enabling users who should not have such permissions to interact with a critical system file. The vulnerability exploits the `release_agent` feature of cgroups v1. This feature is designed to execute a specified program as the root user when a control group becomes empty. Under normal circumstances, only privileged users should be able to modify the `release_agent` file. However, CVE-2022-0492 allowed unprivileged users to manipulate this file, leading to the execution of arbitrary code with root privileges on the host system, thereby facilitating container escape.

Description
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Source
secalert@redhat.com
NVD status
Analyzed
Products
h300s_firmware, h410c_firmware, h410s_firmware, h500s_firmware, h700s_firmware, bootstrap_os, linux_kernel, debian_linux, codeready_linux_builder, codeready_linux_builder_for_power_little_endian, virtualization_host, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_for_real_time_for_nfv_tus, enterprise_linux_for_real_time_tus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_server_tus, enterprise_linux_server_update_services_for_sap_solutions, ubuntu_linux, fedora, solidfire\,_enterprise_sds_\&_hci_storage_node, solidfire_\&_hci_management_node

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
6.9
Impact score
10
Exploitability score
3.4
Vector string
AV:L/AC:M/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name
Linux Kernel Improper Authentication Vulnerability
Exploit added on
Jun 2, 2026
Exploit action due
Jun 5, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secalert@redhat.com
CWE-287
nvd@nist.gov
CWE-862

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

10

  1. CISA added active exploitation alerts for CVE-2025-48595 in Android Framework and CVE-2022-0492 in Linux kernel. The Android flaw affects Android 14-16; the Linux bug can enable container escape and root access. #Android #Linux #CISA https://t.co/7H79MzFhKc

    @TweetThreatNews

    3 Jun 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Two CVEs hit CISA's KEV today. CVE-2025-48595 is a zero-interaction privilege escalation affecting Android 14-16. CVE-2022-0492 enables container escape to root via Linux cgroups v1. Federal agencies have until June 5 to patch.

    @XavierRiveraX

    3 Jun 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-53773 2 - CVE-2025-32711 3 - CVE-2022-0492 4 - CVE-2024-21182 5 - CVE-2026-0257 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Jun 2026

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Jun 2) CVE-2022-0492 Linuxカーネルの不適切な認証の脆弱性 CVE-2025-48595 Androidフレームワークの整数オーバーフロ

    @foxbook

    3 Jun 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにLinux Kernelの認証不備CVE-2022-0492とAndroidの整数オーバーフローCVE-2025-48595を追加。対処期限はいずれも重大リスク扱いの

    @__kokumoto

    2 Jun 2026

    1096 Impressions

    0 Retweets

    7 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  6. 🛡️ We added Linux Kernel improper authentication vulnerability CVE-2022-0492 & Android Framework integer overflow vulnerability CVE-2025-48595 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from c

    @CISACyber

    2 Jun 2026

    4558 Impressions

    12 Retweets

    36 Likes

    4 Bookmarks

    1 Reply

    1 Quote

Configurations

Related CVEs

  1. CVE-2025-14269
  2. CVE-2024-10085
  3. Android Framework Integer Overflow VulnerabilityCVE-2025-48595
  4. A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.CVE-2026-9039
  5. Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.CVE-2026-47337

References

Sources include official advisories and independent security research.