Linux Kernel cgroups v1 Container Escape CVE-2022-0492 Added to KEV
CISA added the Linux Kernel cgroups v1 container escape vulnerability (CVE-2022-0492) to KEV on 2026-06-02. The flaw allows processes in otherwise unprivileged containers that run as uid 0 or hold CAP_SYS_ADMIN to write to cgroups v1 release_agent files and execute code on the host, escaping the container namespace. System operators should audit host kernels, verify container capabilities, and disable unprivileged user namespaces.
Executive Summary
CISA added CVE-2022-0492 to the Known Exploited Vulnerabilities catalog on 2026-06-02, warning of active exploitation in the wild [Source 1]. The vulnerability affects the Linux kernel’s cgroups v1 subsystem (specifically the cgroup_release_agent_write function) and allows a local attacker inside a container to escape namespaces and escalate privileges to root on the host [Source 2] [Source 3].
The escape is achieved by exploiting the release_agent feature in cgroups v1, which allows the kernel to execute a user-specified command when a cgroup is emptied. If an attacker can write to the release_agent configuration file, they can configure it to execute a payload on the host with root privileges when the cgroup task list is emptied, resulting in a full container escape. Security researchers have published multiple proof-of-concept exploits showing that any container running as root (uid 0) or with CAP_SYS_ADMIN can mount a cgroups v1 hierarchy, write to release_agent, and escape if cgroups v1 is enabled and not restricted [Source 3] [Source 4].
Operators should audit their container environments and Kubernetes nodes to ensure host kernels are updated, restrict container capabilities (disallowing CAP_SYS_ADMIN), and disable unprivileged user namespaces where possible to prevent unprivileged users from mounting cgroups v1 filesystems [Source 2] [Source 4].
Source-Watcher Candidate Queue
candidate_id: "linux-cgroup-container-escape-cve-2022-0492-kev"
first_seen: "2026-06-02"
decision: "publish_ready"
relationship: "standalone_kev"
dedupe_keys:
- "cve:CVE-2022-0492"
- "technique:cgroup-release-agent"
- "component:cgroups-v1"
starting_sources:
- "CISA KEV"
- "Linux Kernel security advisory"
- "NVD"
- "Unit 42 / Palo Alto Networks container escape research"
Key Facts
cve: "CVE-2022-0492"
vendor: "Linux"
product: "Kernel"
component: "cgroups v1"
kev_added: "2026-06-02"
kev_due: "2026-06-23"
fixed_version: "5.17"
platform:
- "Linux"
- "Kubernetes"
- "Docker"
high_value_evidence:
- "/proc/self/mounts (cgroup v1 mounts)"
- "/proc/self/status (CapEff capabilities)"
- "/sys/fs/cgroup/*/release_agent modifications"
- "auditd logs (SYS_ADMIN mounts / release_agent writes)"
Source Confidence and Claim Ledger
| Claim | Status | Evidence |
|---|---|---|
| CISA added CVE-2022-0492 to KEV on 2026-06-02. | confirmed | CISA’s KEV catalog is the authoritative exploited-vulnerability source for this post [Source 1]. |
| The vulnerability is caused by missing permission checks in the cgroup v1 release_agent write handler. | confirmed | Linux kernel advisory and NVD identify the cgroups release_agent handler as lacking verification [Source 2] [Source 3]. |
| A root or CAP_SYS_ADMIN container user is required to write to release_agent. | confirmed | Security research and proofs of concept demonstrate that the escape requires the ability to mount a cgroups v1 hierarchy, which in turn requires root or CAP_SYS_ADMIN inside the container namespace [Source 3] [Source 4]. |
| Public sources report specific ransomware groups using this for host compromise. | not_observed | Public reports show active in-the-wild exploitation but do not attribute the threat to a specific named ransomware family at this time. |
Impact Determination
| Classification | Criteria | Required evidence | Handling decision | Closure condition |
|---|---|---|---|---|
| Confirmed escape | Host audit logs show unauthorized mounts of cgroup v1 or writes to release_agent originating from container namespaces. | Auditd logs, container runtime logs, EDR alerts, and host integrity checks showing host-level unauthorized processes. | Isolate affected host and containers, rotate credentials, investigate host compromises, and patch kernel. | Host re-imaged with patched kernel, rotated credentials, and verification of zero unauthorized host-level processes. |
| Presumed exposed | Container running as root or with CAP_SYS_ADMIN capability enabled on an unpatched Linux host kernel. | Capabilities status (CapEff has bit 0x200000, CAP_SYS_ADMIN, set), /proc/mounts showing writable cgroups v1, and kernel release < 5.17. | Upgrade host kernels, remove CAP_SYS_ADMIN from container specs, and run containers as non-root. | Verified kernel is patched or container lacks privileged cgroup v1 write access. |
| Potentially exposed | Host kernel is unpatched but containers are run as non-root without CAP_SYS_ADMIN and with user namespaces disabled. | Container YAML configurations, host kernel release, and Seccomp/AppArmor policies. | Apply kernel updates, enable Seccomp/AppArmor restrictions, and disable cgroups v1 if unused. | Patched host kernel or confirmation of complete isolation. |
| Not exposed | Host kernel is patched (>= 5.17 or backports), or cgroups v1 is disabled on the host, or no container infrastructure is in use. | uname -r indicating patched kernel release, or host configured with unified cgroups v2 only. | None needed. Preserve baseline configuration verification. | Verified patched kernel or cgroups v2-only mode. |
| Unknown | Kernel versions, container security contexts, or capability telemetry are unavailable. | Bounded telemetry gap with owner and resolution date. | Request host/container configuration details and run audit script. | Configurations verified or host remediated. |
Timeline
- 2022-03-07: Linux kernel patches released to fix CVE-2022-0492 in the cgroup release_agent write handler [Source 2].
- 2022-03-09: Palo Alto Networks Unit 42 publishes detailed container escape analysis and proof of concept [Source 4].
- 2026-06-02: CISA adds CVE-2022-0492 to KEV due to active, in-the-wild exploitation [Source 1].
- 2026-06-06: This Halting Problems refresh detected CVE-2022-0492 in the latest KEV scan and published this container escape audit report.
Machine-Readable Event Profile
{
"event_id": "linux-cgroup-container-escape-cve-2022-0492-kev",
"title": "Linux Kernel cgroups v1 Container Escape CVE-2022-0492 Added to KEV",
"first_seen": "2026-06-02",
"published": "2026-06-06",
"severity": "high",
"ecosystem": ["Linux", "Docker", "Kubernetes"],
"cve": "CVE-2022-0492",
"vendor": "Linux",
"product": "Kernel",
"fixed_version": "5.17",
"known_behaviors": [
"mounting of cgroup v1 filesystem within container namespace",
"writing to release_agent configuration file under cgroup v1 mount",
"host-level execution of attacker-specified release_agent payload",
"manipulation of notify_on_release to trigger host execution"
],
"primary_sources": [
"https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0492",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a82eb554cfc125dc5cc988f8314e30b62e49c714",
"https://unit42.paloaltonetworks.com/cve-2022-0492-user-namespaces-container-escape/"
]
}
Indicators of Compromise
packages:
- "kernel"
fixed_versions:
- "kernel@5.17"
files:
- "/sys/fs/cgroup/*/release_agent"
- "/sys/fs/cgroup/*/notify_on_release"
- "/proc/self/mounts"
- "/proc/self/status"
telemetry_selectors:
- "CVE-2022-0492"
- "release_agent"
- "notify_on_release"
- "cgroup_release_agent_write"
Detection and Hunting
Use the audit script at scripts/threat-posts/linux_cgroup_cve_2022_0492_audit.py.
python3 scripts/threat-posts/linux_cgroup_cve_2022_0492_audit.py \
--telemetry-dir /var/log/container-configs \
--output hp-cgroup-escape-cve-2022-0492-audit.json \
--fail-on-risk
Positive signal: container running with CAP_SYS_ADMIN or writable cgroups v1 mounts on a kernel < 5.17. Escalation: audit host-level process creation, check /sys/fs/cgroup configuration changes, and restrict container profiles.
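As an added example (not the audit script referenced above and not part of this report), the following Python maps the telemetry named in the Impact Determination table and in the positive signal above (uname -r, /proc/self/status CapEff and Uid, /proc/self/mounts) onto the table's exposure classes. The sample telemetry strings are constructed, and comparing the kernel release against 5.17 cannot see distro backports, so a backported host must be verified separately.

```python
import re

CAP_SYS_ADMIN_BIT = 21   # CapEff bit 21 (0x200000), the bit the Impact Determination table names
FIXED_KERNEL = (5, 17)   # fixed_version from Key Facts; distro backports are not visible by version

def parse_kernel_release(uname_r):
    """'5.15.0-91-generic' -> (5, 15); None if the string is not a kernel release."""
    m = re.match(r"(\d+)\.(\d+)", uname_r)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_status(status_text):
    """Return (real uid, effective capability mask) from /proc/<pid>/status text."""
    fields = dict(line.split(":", 1) for line in status_text.splitlines() if ":" in line)
    uid = int(fields["Uid"].split()[0]) if "Uid" in fields else None
    capeff = int(fields["CapEff"].strip(), 16) if "CapEff" in fields else None
    return uid, capeff

def cgroup_v1_mounts(mounts_text):
    """Map mountpoint -> writable? for cgroup v1 hierarchies (fstype 'cgroup', not 'cgroup2')."""
    result = {}
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "cgroup":
            result[f[1]] = "rw" in f[3].split(",")
    return result

def classify(uname_r, status_text, mounts_text):
    """Map telemetry onto the report's exposure classes for CVE-2022-0492."""
    rel = parse_kernel_release(uname_r)
    uid, capeff = parse_status(status_text)
    if rel is None or uid is None or capeff is None:
        return "unknown"                  # telemetry gap, to be bounded with an owner and date
    if rel >= FIXED_KERNEL or not cgroup_v1_mounts(mounts_text):
        return "not_exposed"              # patched kernel, or unified cgroup v2 only
    if uid == 0 or (capeff >> CAP_SYS_ADMIN_BIT) & 1:
        return "presumed_exposed"         # can mount cgroup v1 and reach release_agent
    return "potentially_exposed"          # unpatched host, but no root/CAP_SYS_ADMIN in-container

# Constructed sample telemetry (not captured from a real host).
STATUS_ROOT_SYS_ADMIN = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a82425fb\n"
STATUS_NONROOT = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
MOUNTS_V1 = ("cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0\n"
             "cgroup /sys/fs/cgroup/rdma cgroup ro,nosuid,nodev,noexec,relatime,rdma 0 0\n")
MOUNTS_V2 = "cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0\n"
if __name__ == "__main__":
    for args in (("5.15.0-91-generic", STATUS_ROOT_SYS_ADMIN, MOUNTS_V1),
                 ("5.15.0-91-generic", STATUS_NONROOT, MOUNTS_V1),
                 ("5.15.0-91-generic", STATUS_ROOT_SYS_ADMIN, MOUNTS_V2)):
        print(args[0], classify(*args))
```

On a live node the three inputs come from `uname -r`, the container process's `/proc/<pid>/status` and `/proc/<pid>/mounts`; a result of `presumed_exposed` is the escalation trigger described above.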
KQL: Azure Sentinel / Log Analytics
Detect potential cgroup release_agent writing from container execution:
let startTime = datetime(2026-06-02T00:00:00Z);
let endTime = now();
union isfuzzy=true ContainerProcessEvents, SecurityEvent
| where TimeGenerated between (startTime .. endTime)
| where ProcessCommandLine has_any ("release_agent", "notify_on_release")
or (ProcessCommandLine has "mount" and ProcessCommandLine has "cgroup" and ProcessCommandLine has_any ("rdma", "devices", "cpu", "memory", "freezer"))
| project TimeGenerated, Computer, ContainerID, Image, ProcessCommandLine, ParentProcessName, FolderPath
Splunk: Process Execution Audit
Detect process events where cgroup filesystem parameters are modified:
index=security OR index=container earliest="06/02/2026:00:00:00"
(CommandLine="*release_agent*" OR CommandLine="*notify_on_release*") OR (CommandLine="*mount*" AND CommandLine="*cgroup*" AND (CommandLine="*devices*" OR CommandLine="*freezer*"))
| table _time host container_id image user CommandLine ParentCommandLine
Downstream Abuse Audits
Audit host-level users, network sockets, active processes, cron jobs, and SSH keys. If cgroup container escape has occurred, treat the host node and all containers on it as compromised. Inspect container orchestrator control-plane tokens, node service-account tokens, and cloud metadata credentials accessed from the node.
Remediation Gates
- Patch host kernels to version 5.17 or apply backported fixes from distro repositories.
- Restrict container deployments: ensure no containers run with CAP_SYS_ADMIN or as privileged unless strictly necessary.
- Configure Seccomp and AppArmor profiles to block container mount commands.
- Disable unprivileged user namespaces (sysctl -w kernel.unprivileged_userns_clone=0) on hosts where they are not required, preventing unprivileged users from creating namespaces to mount cgroups.
- Upgrade Kubernetes and container runtimes to versions enforcing the modern cgroups v2-only unified hierarchy (which resolves cgroups v1 release_agent attack vectors).
Sources