CVE-2022-0492 is an improper authentication vulnerability in the Linux kernel's cgroups v1 feature. It allows any user to modify the release_agent file at the root of the cgroup hierarchy, which runs as root within the cgroup namespace when a cgroup becomes empty. Attackers can create a malicious script on the host filesystem that executes as root, enabling container escape and privilege escalation. The vulnerability also permits creation of a new user namespace with admin privileges to facilitate the exploit. Although technical details were published three years ago, exploitation in the wild was only recently reported, leading to a CISA advisory urging patching by June 5, 2026. The vulnerability affects container environments relying on cgroups v1 for resource and process isolation.

Successful exploitation allows attackers to escalate privileges to root and escape container isolation, potentially compromising the host system. This undermines container security by bypassing namespace isolation and executing arbitrary code with elevated privileges on the host. The vulnerability affects systems using cgroups v1, which is critical for container resource management. The impact is significant for containerized environments but is rated low severity by the source. No specific information about affected versions or patch availability was provided.

CISA has added CVE-2022-0492 to its Known Exploited Vulnerabilities catalog and urges immediate patching by June 5, 2026. Although the source does not provide explicit patch links or vendor advisory details, organizations should verify with their Linux distribution vendors for available patches or updates addressing this vulnerability. If patching is not immediately possible, consider disabling or limiting use of cgroups v1 in container environments where feasible. Monitor vendor advisories for official fixes and remediation guidance.