CVE-2022-0492

CVE-2022-0492

Vendor N/A
Product kernel
Weakness CWE-287 · Improper authentication
KEV Status Known Exploited
Published March 3, 2022
Last update June 3, 2026

CVSS base score

What the vulnerability does

01Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

March 3, 2022 CVE published
June 3, 2026 Record updated