{
  "title": "Linux Kernel cgroups v1 Container Escape CVE-2022-0492 Added to KEV",
  "summary": "CISA added the Linux Kernel cgroups v1 container escape vulnerability (CVE-2022-0492) to KEV on 2026-06-02. The flaw allows unprivileged container processes with CAP_SYS_ADMIN or uid 0 to write to cgroups release_agent files and execute code on the host, escaping the container namespace. System operators should audit host kernels, verify container capabilities, and disable unprivileged user namespaces.",
  "date": "2026-06-06",
  "severity": "high",
  "tags": [
    "linux",
    "container-escape",
    "cgroups",
    "cisa-kev",
    "privilege-escalation"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "linux-cgroup-container-escape-cve-2022-0492-kev",
    "since": "2026-06-06T00:00:00Z",
    "until": "2026-06-06T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2022-0492"
    ],
    "cwes": [],
    "advisoryIds": [],
    "products": [
      "Kernel"
    ],
    "packages": [
      "kernel"
    ],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [
      "kernel@5.17"
    ],
    "files": [
      "/sys/fs/cgroup/*/release_agent",
      "/sys/fs/cgroup/*/notify_on_release",
      "/proc/self/mounts",
      "/proc/self/status"
    ],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "CVE-2022-0492",
      "release_agent",
      "notify_on_release",
      "cgroup_release_agent_write"
    ]
  }
}